Help Me With HIPAA
482 episodes - English - Latest episode: 14 days ago - ★★★★★ - 61 ratingsIn today's environment of data breaches, identity theft, fraud, and increasing connectivity, HIPAA Privacy and Security rules are a responsibility to your patients and your clients. HIPAA isn't about compliance, it's about patient care.
Homepage Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Episodes
HIPAA Horror Stories V3 Ep - 127
October 27, 2017 04:30 - 35 minutes - 48.7 MBEach year we have done a special scary episode for Halloween. Last year we took you on a tour of a haunted house. This year for HIPAA Horror Stories V3 we get to hear a campfire horror story. So gather around and hear how scary HIPAA mishaps can be for us all! For more info go to HelpMeWithHIPAA.com/127
Social Media, Marketing, and HIPAA - Ep 126
October 20, 2017 04:30 - 49 minutes - 67.4 MBWhen it comes to social media, marketing, and HIPAA things can get a little dicey. There are certainly many cases where using social media has gone awry in health care cases. However, when handled correctly, you can actually use social media, marketing, and HIPAA in a sentence without getting chills down your spine. Today, Janet Kennedy joins us for a discussion on the positive reasons you should be active on social media and the precautions you should take to make sure everything stays in...
On-boarding and Termination Checklists - Ep 125
October 13, 2017 04:30 - 48 minutes - 66.5 MBDuring the onboarding and termination process is where many mistakes are made that lead to security incidents and even reportable breaches. Today we discuss why they are important and the kinds of things you should consider having in yours. For more information HelpMeWithHIPAA.com/125
Talk To The Boss About HIPAA - Ep 124
October 06, 2017 04:30 - 44 minutes - 61.2 MBHow do you talk to the boss about HIPAA? That is a regular question we get around here. The staff responsible for compliance gets trained and understands what needs to be done but they don't get leadership support. Over the years we have had to have those conversations many times. It is never easy but there are some key pointers to making ground with your argument and turning the tide for supporting your efforts. Today we cover a few of our ideas on how to broach the subject effectively ...
OCR Audit Updates Phase 2 - Ep 123
September 29, 2017 04:30 - 35 minutes - 48.5 MBDuring the NIST OCR HIPAA Security Conference we covered in the last two episodes, there was also a session on OCR Audit Updates. OCR gave an update on the information gleaned so far from the compliance desk audits that were started in 2016. Their presentation included some interesting details. Today we cover the information they shared so you can compare and contrast those details against your own program. For more details HelpMeWithHIPAA.com/123
NIST and OCR Security Conference Part Deux – Ep 122
September 22, 2017 04:30 - 56 minutes - 78 MBThis is the second episode covering the things David has to share from the Safeguarding Health Information conference. There are many great points he picked up. As we review them we keep coming back to the reminder that HIPAA is about patient care now. Join us as we discuss everything from ransomware requirements to security for a small practice on this episode. More info at HelpMeWithHIPAA.com/122
NIST and OCR Security Conference - Ep 121
September 19, 2017 20:40 - 48 minutes - 66.4 MBThe annual NIST and OCR security conference has come around again. This year, David attended the conference via webcast and shares his notes on the first day of the conference. Before the conference discussion, we have to touch on the announcement from Equifax about their HUGE data breach. For more information go to HelpMeWithHIPAA.com/121
Disaster Recovery Preparations Ep - 120
September 08, 2017 04:30 - 42 minutes - 57.7 MBWe recorded this episode on the day that Harvey was hitting Houston and had no idea just how bad that disaster would eventually become for those on the gulf coast. On the day we publish this episode, we are both personally involved in the evacuations and preparations in advance of Irma. She is forecast to hit Florida, Georgia, and the Carolinas in the next few days. The timing for this discussion could not be more appropriate from a news perspective but this planning should have already tak...
Should I use a local, data center, or cloud server? - Ep 119
September 01, 2017 04:30 - 53 minutes - 74 MBEvery time we discuss server security issues it opens a debate about where is the best place to keep your servers. There are three options and we are going to discuss them today. Local hosting vs data center hosting vs cloud servers under HIPAA. For more details HelpMeWithHIPAA.com/119 email us: [email protected]
What is reasonable and appropriate? Ep 118
August 25, 2017 04:30 - 42 minutes - 14.7 MBWhat is reasonable and appropriate? The HIPAA legal reference and guidance mentions reasonable and appropriate all over the place. Many times that concept creates confusion. How do you determine what is reasonable or appropriate for any environment? More at HelpMeWithHIPAA.com/118
Alexa Plus HIPAA Plus Other Questions - Ep 117
August 18, 2017 04:30 - 46 minutes - 64.5 MBCan a doctor have Alexa in OR to play music? Is it a HIPAA violation for staff to look at their own records or is it an internal policy violation? I am a small company BA do I really have to do all of HIPAA compliance requirements? If I know my upstream BA or CE isn't following their HIPAA compliance obligations what am I legally obligated to do? Why would you make daily copies of your visitor logs? More info at HelpMeWithHIPAA.com/117
Security Incident Investigations Find More Than Expected - Ep 116
August 11, 2017 03:02 - 43 minutes - 60.1 MBSometimes following the news lets you find things like security incident investigations with interesting details. But, these cases were different than most. Even better than that, we learned how can a fish tank help hackers! There were just too many parts of these stories that got my attention to pass them up. When something occurs and the investigation uncovers way more to the story than you normally see we should all learn from them. More details at HelpMeWithHIPAA.com/116
Incident Response Plans V2 - Ep 115
August 04, 2017 04:30 - 45 minutes - 62.8 MBIncident response plans have been a topic of our show several times. But, these days we just can't get enough of a good thing! Actually, there is a reason we are covering it in this episode. I was reviewing a Business Associate Due Diligence from a software provider. In the questionnaire, we always ask if you have a written incident response plan and trained incident response team. They responded Yes, with a comment of "we have an engineering department". More info at HelpMeWithHIPAA.co...
Compliance Officer Personal Liability? - EP 114
July 28, 2017 04:30 - 37 minutes - 51.8 MBThere has always been a concern from many people we work with about compliance officer personal liability. Specifically, is a compliance officer personally liable for the compliance of the company? The recent settlement agreement between the FTC and the Chief Compliance Officer of Moneygram has created interesting conversations for compliance circles. In this case, the Chief Compliance Officer of Moneygram was able to reach a settlement in the liability case against him but it included a $...
OCR Mic Drop For Cloud Providers - EP 113
July 21, 2017 04:30 - 50 minutes - 70 MBThe monthly OCR Cyber Newsletter for June had some interesting points. The fact that OCR mentions multiple times and in multiple ways that they do not endorse, certify, or recommend specific technology or products should serve as their "OCR mic drop moment" on this discussion. We can dream, can't we! Today we are going to review that newsletter and how they have pointed these things out once again. Before we close out the episode we are also covering some questions and comments from lis...
NotPetya, Windows, and Ransomware - Ep 112
July 14, 2017 16:00 - 40 minutes - 55.8 MBThis is not another episode about preventing and responding to the NotPetya ransomware. There are countless articles about those topics. We are discussing the bigger picture today. In this episode, NotPetya, Windows, and Ransomware, we discuss what happened in the case but also what does all of this really mean in the big picture of cyber attacks. If you don't stay proactive in evaluating what the criminals may do next then you don't have a chance of being anything but reactive. In ligh...
Breach reporting costs and decisions for 2017 - Ep 111
July 14, 2017 01:22 - 48 minutes - 66.3 MBIn June, the NY State Attorney General announced a settlement with CoPilot, a healthcare services company that illegally deferred notice of breach of more than 220,000 patient records. Another annual report was also just released with the latest numbers : 2017 Cost of a Data Breach Study from Ponemon Institute and IBM. Today, we are going to discuss how the two of them can help us all make better decisions where potential breaches of PHI are concerned. Breach reporting costs and decisions...
What is MDM and why do I want it? - Ep 110
June 30, 2017 00:41 - 45 minutes - 63.1 MBMobile devices are susceptible to malware attacks, phishing, and other security vulnerabilities just the same as laptops and desktops. The systems most of us have in place are directed at managing the security for laptops and desktops, however. It is important to expand your security controls to address the growing threat that mobile devices introduce to your network and systems regularly. In most cases, it is important to have a "home base" tool that can talk to and monitor the mobile...
eCW Whistleblower Made The Difference - Ep 109
June 23, 2017 12:29 - 46 minutes - 63.3 MBThere are countless times we have covered the "my EHR vendor handles HIPAA for me" misconception. The recent $155 million whistleblower lawsuit settlement between eClinicalWorks (eCW) and the government really brings it home how wrong you can be about EHR vendors. Meaningful Use attestations relied heavily on the vendors supplying proper information. eCW set up thousands of organizations to take a major hit based on the details in this case and it's settlement. Especially, when you take in...
5 Stages Of Grief During A Cyber Attack - Ep 108
June 16, 2017 10:30 - 51 minutes - 71.1 MBThe 5 stages of grief during a cyber attack really do follow the process of dealing with grief in those familiar 5 stages. Many don't realize that ransomware attacks aren't always just the result of someone clicking in an email and running a program. As Erie County Medical Center found out recently, ransomware attacks can come from a hacker being active in your network too. Those 5 stages of grief during a cyber attack for them and others we have seen is what we will be discussing today. ...
10 Ways HIPAA Should Have Stopped Rodeo Drive Breach - Ep 107
June 09, 2017 10:30 - 48 minutes - 66.9 MBA major breach of PHI was announced by a Beverly Hills plastic surgeon's office on Jun 1. There are so many things about this case from the fact that it involved a malicious insider to how many different ways proper HIPAA policies and procedures would have stopped it, if not prevented it completely. Celebrity patients records breached in this case may make it hit home with a lot of folks who haven't worried too much about those protections until now. We have talked about insiders as a majo...
Disclosure of PHI in May OCR settlements - Ep 106
June 02, 2017 10:30 - 43 minutes - 60.3 MBOCR continued their enforcement trend for 2017 with 2 more settlements announced in May. These stand out on their own because the focus is specific disclosure of PHI instead of major breaches. A total of three patients were involved in these large settlements. This week we review what transpired and what OCR found as violations of privacy for these three patients. For more information go to HelpMeWithHIPAA.com/106
Answering Listener Questions - Ep 105
May 26, 2017 10:30 - 50 minutes - 69.9 MBA wide variety of questions have come in from listeners over the last few weeks. The list is so good we have a whole episode devoted just to answering listener questions. At least one of these will likely apply to you if not several. For more information go to HelpMeWithHIPAA.com/105
What should we learn from WannaCry? - Ep 104
May 19, 2017 10:30 - 48 minutes - 66.9 MBAll of those ransomware outbreaks we have been dealing with since last year were overshadowed this past week by WannaCry. This has been called called the most destructive attack ever. The most concerning part is that was how bad it was but the US wasn't hit that hard. When these kinds of things happen it is always a good idea to review what you learned from the outbreak and any necessary changes you need to make to protect you from this one happening to you. The is the topic of the day. ...
Managing Third Party Access - Ep 103
May 12, 2017 10:30 - 42 minutes - 59 MBYou may not even know about all the applications and support logins that vendors use on your applications, systems, and networks. Vendors may set up admin passwords and share them with their whole staff to support you. If they have unlimited access to the systems out there and the usernames and passwords never expire or log off automatically that is certainly not secure. How do you manage all of those? If there are things that automatically log in and run, what about those? More details a...
No, No, No says OCR in three April settlements - Ep 102
May 05, 2017 10:30 - 43 minutes - 59.6 MBApril has had three more OCR resolution announcements. That's a total of 7 cases for $14.3m in 2017 so far. When we covered resolutions recently I kept waiting for another one to come out and gave up. Then, BAM, three in a row! For more info go to HelpMeWithHIPAA.com/102
Are we creating a crisis of trust in healthcare? - Ep 101
April 28, 2017 10:30 - 47 minutes - 65.1 MBAre we creating a crisis of trust in healthcare? A business partner put that question out to us recently. We have already been looking at several angles to discuss the patient part in all of this breach and ransomware news. This question seems like the perfect way to approach it. Let's look at the topic and see what we think - Are we creating a crisis of trust in healthcare? For more information on this podcast and how to win $100 Amazon gift card go to HelpMeWithHIPAA.com/101
Top 10 HIPAA Lessons - Ep 100
April 21, 2017 10:30 - 49 minutes - 67.3 MBFor our 100th episode we wanted to do a Top 10 list. After some thought, we landed on the Top 10 HIPAA Lessons we hope you get from our little podcast. It is hard to believe that we are publishing our 100th episodes of Help Me With HIPAA! Two years ago we started out with this little idea that has become a really exciting venture for both of us. We truly enjoy the responses and interaction from our listeners. Well, first, we are thrilled to HAVE listeners. But more importantly, we l...
Examples of what not to do from OCR AGAIN - Ep 99
April 14, 2017 10:30 - 43 minutes - 59.2 MBOCR Resolutions 3 and 4 for 2017 were released in February. Examples of what not to do from OCR were released AGAIN. We kept waiting for another resolution to be announced and lump them together. Once we gave up and recorded this episode to review those two you know another one was announced. We will hit that one next time. For now, we review what happened in these cases that resulted in OCR resolutions after a breach notification started an investigation. They are so kind to give us e...
State privacy and breach laws and HIPAA - Ep 98
April 07, 2017 16:00 - 44 minutes - 61 MBRecently, New Mexico passed a new data breach notification law in March. Once it is signed there will only be 2 states that don't have their own notification rules, Alabama and South Dakota. What do all the state laws mean when you are also required to do HIPAA notifications. Most of them say that if you are subject to GLBA or HIPAA the notification laws do not apply to you. But, it is always best to be sure you know what your state requires. HIPAA says that as long as it is more strict ...
Insiders may be your biggest threat to privacy and security Ep - 97
March 31, 2017 10:30 - 44 minutes - 60.4 MBAll the news about ransomware and hackers usually gets the biggest headlines. But, the ones that fly under the radar may be something you should pay more attention to than the big splashy news. Insiders usually don't have to work hard to plot ways to break into your data, you have invited them in and given them access. A damaging assumption is that you don't have to worry about your insiders. Get more info at HelpMeWithHIPAA.com/97
What is included in a mobile access policy - Ep 96
March 24, 2017 10:30 - 44 minutes - 61.7 MBCall it teleworking, remote access, or mobile access if you have any access to PHI outside of your office, you should have a HIPAA mobile access policy. Any person that accesses you systems and data outside of your internal network should be trained and sign off on commitments to protect your PHI. We've never specifically covered the topic of what should be included in a HIPAA mobile access policy. It is about time we did just that. Learn more at HelpMeWithHIPAA.com/96
Can we build a national culture of cybersecurity? - Ep 95
March 17, 2017 10:30 - 46 minutes - 64.5 MBBuilding a culture of a compliance is something we have talked about many times in this podcast. We never looked at it as a community problem. The things we heard about training the human element to build a cyber security culture were very exciting to us. Well, at least to Donna. The concepts they covered about training not just the workforce but training the community as a whole to better understand what cybersecurity really means. We also followed that up with a session that explaine...
Frank Abagnale Can Even Scare Us About ID Theft - Ep 94
March 10, 2017 11:30 - 44 minutes - 61.1 MBIf you saw the movie Catch Me If You Can then you know some of Frank Abagnale's story. Maybe you even read his book Catch Me If You Can: The True Story of a Real Fake. Tom Hanks said "Abagnale’s lecture may be the best one-man show you will ever see." He WAS NOT KIDDING! The famous con man in his youth eventually became a white hat working for the FBI and others to combat fraud and ID theft for over 40 years. Now, he works as a consultant, writer, and speaker on the subject as he ...
HIMSS17: Deven McGraw Talks HIPAA Enforcement - Ep 93
March 03, 2017 11:30 - 48 minutes - 67 MBThe first full day of HIMSS17 HIPAA had a big session. It featured Deven McGraw, Deputy Director for Health Information Privacy at the HHS Office for Civil Rights (OCR). She is also Acting Chief Privacy Officer for the Office of the National Coordinator for Health IT (ONC). Clearly, it was one of the sessions at the top of the list for us to attend. We got there early enough to be perched on the front row. In this episode, we review what McGraw covered in her session and our thoughts on ...
HIPAA Hodge Podge - RDP FAXing Dumpsters - Ep 92
February 24, 2017 11:30 - 45 minutes - 62.4 MBHIPAA news stories are sometimes so short we need to bundle them together. Some listeners questions are also addressed today. So, we have a little bit of everything in this episode. So stick with us as we go through our HIPAA hodge podge. For more details go to HelpMeWithHIPAA.com/92
What is HIPAA privacy anyway - Ep 91
February 17, 2017 11:30 - 37 minutes - 51.4 MBWhat is HIPAA privacy anyway? The annual reporting deadline for little breaches is up at the end of Feb. That means all those little privacy violations in 2016 must be reported on the HHS website soon if you haven't already done it. Since those little ones often mean so much more than the big ones it made me think it would be a good time to talk about privacy. A recent bizarre case in an Atlanta suburb made me realize just how much we value our privacy but may not realize it until it has b...
First HIPAA Settlements of 2017 - Ep 90
February 10, 2017 11:30 - 41 minutes - 57 MBOCR continues releasing new settlement agreements on their new pace. There have been two announced in January 2017. We have no idea what will happen now but since these two brought in over $2.6m there may not be a reason we will see them stop their pace. As always, we believe in learning from other's mistakes (not schadenfreude, though). Time to learn what these two can teach us.... HelpMeWithHIPAA.com/90
Understanding Cybersecurity Insurance With John Miller of Sterling Risk Advisors - Ep 89
February 03, 2017 11:30 - 44 minutes - 61.8 MBMore reasons to have this coverage pop up every day. Whether it is your own business risk management or those required by a business partner in a contract, all businesses should at least evaluate getting cybersecurity coverage. To help us share information on that we have a guest on this episode. Interview with John Miller II, Founding Principal, Sterling Risk Advisors
8 Common HIPAA Myths - Ep 88
January 27, 2017 11:30 - 45 minutes - 62.2 MBWe reviewed the OCR/HHS list of common HIPAA compliance myths when we first started the podcast. Their list is so long that it spread across 3 episodes. Those episodes are still fairly popular today. For today, though, we are covering our own list of common HIPAA compliance myths that we hear. Common HIPAA Compliance Myths Our list may be very similar to all the other lists out there but it is important to cover those because they are clearly STILL being passed along. Why do we keep hear...
Healthcare Breaches Continue in 2017 - Ep 87
January 20, 2017 11:30 - 53 minutes - 74.1 MBAt the beginning of 2016, we did some speculation about what the year would be like in the cybersecurity and HIPAA worlds. Today we plan to review how we did for 2016 and explain expect healthcare breaches continue in 2017. More at https://HelpMeWithHIPAA.com/87
MACRA and HIPAA - Ep 86
January 13, 2017 11:30 - 37 minutes - 50.9 MBWe've talked before about HIPAA showing up in lots of other places. That trend has continue. Now, you will see HIPAA questions on cyber security insurance applications, certification programs from other entities, and now in payment model reforms. Today we are going to talk a little bit about MACRA and HIPAA requirements. If you don't know what MACRA, APMs, and MIPS is all about we may not cover enough to explain it all be we will certainly touch on MACRA and HIPAA crossing paths starting in ...
2017 Compliance Management Plans - Ep 85
January 06, 2017 11:30 - 42 minutes - 58.9 MBLast January, we did an episode with a 2016 Compliance Management Plan. We even created a reminder poster for it you could download. The episode was about providing a compliance management plan guideline for compliance officers who are trying to find a way to fit this in your with all your other job duties. That episode was very popular and the poster was downloaded by new folks even in December. This episode reviews that compliance management plan and adds a bit more to it for "extr...
Healthcare Cyber Attacks - Ep 84
December 30, 2016 11:30 - 40 minutes - 55.3 MBEvery day it seems we read about more healthcare cyber attacks. As the news keeps breaking with more details on the wide variety of cases, we have plenty of work to do just to keep up. Today, there are so many cases to talk about we couldn't even decide what to call the episode. More details at https://HelpMeWithHIPAA.com/84
2016 Blooper Show - Happy Holidays!
December 23, 2016 15:49 - 9 minutes - 12.8 MBListen in to outtakes from this year's episodes. We need something lighter to celebrate the holidays!
HIPAA 21st Century Cures Act - Ep 83
December 16, 2016 13:56 - 34 minutes - 47.1 MBFor a change there was a bipartisan bill passed with some big impacts on healthcare. HIPAA 21st Century Cures Act implications are, of course, our focus. Today, we review some thoughts on the bill that was signed into law this week. More notes at https://HelpMeWithHIPAA.com/83
OCR Phishing And More Announcements - Ep 82
December 13, 2016 17:40 - 46 minutes - 63.4 MBRecorded during our first live broadcast, this episode covers several OCR announcements. We start with the OCR phishing alert. Followed by that we discuss OCR's guidance that said you should consider multi-factor authentication in your risk analysis. There have also been more resolution agreements that we haven't covered on an episode so we hit those, as well. Since it was a live show we also take some questions! For more: https://HelpMeWithHIPAA.com/82
Phishing Attacks In Healthcare - Ep 81
December 02, 2016 11:30 - 45 minutes - 62.8 MBPhishing attacks in healthcare are on the rise just like every other industry. However, unlike many other targets, phishing attacks in healthcare have a much higher return on investment if the phisherman gets anyone to take the bait. We've talked multiple times how healthcare is now a major target for hackers. Then, it only makes sense that we will see a continued rise in efforts aimed at phishing attacks in healthcare. Types of phishing: Phishing - spray and pray - grab an email list and ...
Ep 81 Is Being Held For Ransom
November 25, 2016 11:30 - 44 minutes - 103 MBWe are holding episode 81 for ransom during the Thanksgiving holiday. For our black Friday episode we hope you enjoy this replay of our most popular episode. Stay tuned! Episode 81 will be released next Friday. We will be discussing the different types of phishing, how they work and how you can resist the bait.
HIPAA Compliant Cloud - Ep 80
November 18, 2016 11:30 - 42 minutes - 58.3 MBIn early Oct the long awaited guidance on HIPAA Compliant Cloud was released by HHS / OCR. There wasn't a lot of shocking information for us since it just restated, maybe more clearly, that cloud services providers (CSPs) must sign a BAA and meet certain obligations as a BA. Hopefully, this will address all the cases where some CSPs would use "slight of hand" with phrasing to claim they didn't have to be a HIPAA compliance cloud provider. The amount of "all ya gotta do is" type of misinfor...