Help Me With HIPAA

482 episodes - English - Latest episode: 14 days ago - ★★★★★ - 61 ratings

In today's environment of data breaches, identity theft, fraud, and increasing connectivity, HIPAA Privacy and Security rules are a responsibility to your patients and your clients. HIPAA isn't about compliance, it's about patient care.

Episodes

OCR Audits and Enforcement 2016 - Ep 79

November 11, 2016 11:30 - 43 minutes - 59.7 MB

This week is basically part 2 from last week.  We left off just before reviewing the OCR audits and enforcement updates announced at the NIST / OCR Security Conference 2016.   Get more details at HelpMeWithHIPAA.com/79

HIPAA Security Conference 2016 - Ep 78

November 04, 2016 10:30 - 42 minutes - 58.9 MB

Donna shares information from the 2016 NIST/OCR Annual Conference on Safeguarding Healthcare Information. Learn what she thought was interesting to share with you.   More information at https://HelpMeWithHIPAA.com/78

HIPAA Halloween Haunted House - Ep 77

October 28, 2016 10:30 - 46 minutes - 63.2 MB

We tour the HIPAA haunted house in this year's Halloween episode! Cybersecurity has become a big concern over the last 18 months. Breaches in 2015 have given way to ransomware along with more daring breaches in 2016. What is really happening on your computers, networks, and the Internet every second is terrifying in several ways. There are plenty of amazing and good things happening at the speed of light but so are the bad ones... For more details go to HelpMeWithHIPAA.com/77

Ransomware and HIPAA - Ep 76

October 21, 2016 10:30 - 38 minutes - 52.3 MB

Ransomware and HIPAA have been a topic on the podcast multiple times. They are some of our most popular episodes, in fact. Recently, we realized we haven't discussed the OCR guidance on ransomware and HIPAA. On July 11, 2016, HHS.gov featured a new post from Jocelyn Samuels, the Director of the Office for Civil Rights (OCR). The title is catchy: Your Money or Your PHI: New Guidance on Ransomware. This episode is a review of that post and the fact sheet with OCR guidance on ransomware and...

Disaster Recovery Planning Under HIPAA - Ep 75

October 14, 2016 10:30 - 45 minutes - 62.4 MB

Everything going on today with hurricanes and such makes it a great time to talk about this. We mention it all the time but this episode is going to be just about what DR/BC means and what you can do to be prepared in advance. So, this episode covers disaster recovery planning under HIPAA but any business can learn from our topics! What is DR/BC Planning? Who should do it? Is this another big expense? What is involved in building and maintaining DR/BC plans? General elements of ...

HIPAA Security Updates Recommended In New Report - Ep 74

October 07, 2016 10:30 - 45 minutes - 62 MB

Last year Sen. Lamar Alexander and Sen. Patty Murray asked for answers to some questions concerning cybersecurity in healthcare. They were interested in understanding what CMS and HHS were doing to protect patients from fraud. It seems as though they were wondering if HIPAA security updates were needed. We discussed the Senators' request in episode 31: https://helpmewithhipaa.com/episode-31-enforcement-efforts-ocr-increase-2016/ Their letter asked: What CMS and HHS is doing to mo...

Business Associate Security Issues - EP 73

September 30, 2016 10:30 - 44 minutes - 60.7 MB

BAs are in the HIPAA spotlight now more than ever. TheDarkOverlord was clearly using some BA applications to infiltrate networks and exfiltrate PHI. OIG reviewed Alaska VA system after breaches and the report specifically points to the need to monitor BAs. OCR audits of BAs are about to start. Previously said end of September but now saying October. In this episode we discuss what all this means. More at HelpMeWithHIPAA.com/73

HIPAA Penalties Increasing - Ep 72

September 23, 2016 10:30 - 36 minutes - 50.3 MB

Did you hear that maximum penalties for HIPAA violations are being adjusted for inflation? It has quietly happened. Here is how. Check out the Federal Register entry from September 6, 2016. If you aren't into reading yourself, don't worry, you know Donna did it. Well, at least the HIPAA parts. Learn more at: HelpMeWithHIPAA.com/72

OCR small breach investigations increasing - Ep 71

September 16, 2016 10:30 - 35 minutes - 48.4 MB

OCR recently released another memo concerning compliance enforcement efforts.  They say effective August 2016, they have started an initiative to more widely investigate breaches involving under 500 patients.  That means that OCR small breach investigations will begin happening immediately.  In the past, the policy had been to investigate all breaches over 500 patients but not under.   More information at HelpMeWithHIPAA.com/71  

Insider Threats: Do you know who your employees are? - Ep 70

September 09, 2016 10:30 - 37 minutes - 50.9 MB

OCR published a memo on Aug 1, 2016. The title is "Do you know who your employees are?". It is a great reminder about insider threats that we should all worry about regularly. Quoted directly from the memo:

Although all insider threats are not malicious or intentional, the effect of these threats can be damaging to a Covered Entity and Business Associate and have a negative impact on the confidentiality, integrity, and availability of its ePHI. According ...

OCR 2016 settlements keep coming - Ep 69

September 02, 2016 10:30 - 44 minutes - 60.4 MB

So far in 2016 there have been 10 resolution agreements announced. One more and this year will equal the number of agreements in all of 2015 & 2014! The latest two also include the largest one announced yet - $5.5m with Advocate Health. Before that though was The University of Mississippi Medical Center - Ole Miss to those of us in the SEC world. It wasn't something to "shake a stick at" with a $2.75m resolution amount. The total amount for those 10 announcements so far in 2016 = $20,314...

OCR Desk Audit Details - Ep 68

August 26, 2016 10:30 - 47 minutes - 64.6 MB

The OCR audits have begun. On Wednesday, July 13, audit-selected CEs were invited to a webinar. OCR staff walked through the processes they can expect for the audit and expectations for their participation. The OCR published information from the webinar so we had to check it out and share what we learned with you guys. For more details visit HelpMeWithHIPAA.com/68

Pokemon Go and HIPAA Breaches - Ep 67

August 19, 2016 10:30 - 36 minutes - 49.7 MB

Say it ain't so! Pokemon and a HIPAA breach, really? REALLY! Creatures are showing up in offices and hospitals just like everywhere else. The concept of keeping people active and engaged with their surroundings while playing a video game seems like a great idea from a healthcare standpoint. And then you actually do a risk assessment of it - this is where the wheels fall off that good idea train. Get more details at HelpMeWithHIPAA.com/67

Healthcare Hack: PHI For Sell On The DarkNet - Ep 66

August 12, 2016 10:30 - 39 minutes - 54.1 MB

We first talked about this in Ep 62. Darknet sale of healthcare records. Now, more information is coming out and it gets more unfortunate for patients every time we read more. Deep Dot Web broke the news: https://www.deepdotweb.com/2016/06/26/655000-healthcare-records-patients-being-sold/ We picked it up on Data Breaches.net because they were trying to figure out who the entities actually were in each case: https://www.databreaches.net/damn-anyone-know-what-facilities-these-are/ Get mo...

OCR resolution agreement - OHSU - EP 65

August 05, 2016 16:00 - 44 minutes - 61.3 MB

What happened?
March 23, 2013: Oregon Health & Science University notified HHS of a breach due to a stolen unencrypted laptop.
May 1, 2013: OCR notifies them they are investigating the incident.
July 28, 2013: Oregon Health & Science University notified HHS of another breach resulting from storing ePHI at an internet-based service provider without a business associate agreement.
November 8, 2013: OCR notifies them they are investigating the new incident.
July 18, 2016: settlement announced ...

Security Incident Response Plan - Ep 64

July 29, 2016 10:30 - 37 minutes - 51.3 MB

OCR recently sent out a message on their listserv asking if your CE or BA was ready for an incident. We have been discussing security incidents a lot lately so it is nice that OCR has brought it up. Because we have seen various incident response reports recently, we were working on an episode anyway. So this episode is a review of Security Incident Response Plan development. Let's first be clear, this isn't just about HIPAA. We also have been reviewing the Economist Intelligence Unit 2...

Medical Device Security - Ep 63

July 22, 2016 10:30 - 41 minutes - 57.1 MB

There has been a lot of news and industry discussions about Medical Device security. Medical Devices are just like a computer, so they also need security to protect the information on them.   For more go to HelpMeWithHIPAA.com/63

Business Associate Breaches In The News - Ep 62

July 15, 2016 10:30 - 40 minutes - 55.1 MB

A business associate is getting this OCR resolution, $650,000 and a two-year settlement.  CHCS in Philadelphia is a BA to 6 skilled nursing clinics in the Philadelphia area. Entities like this do the business part of healthcare and the other clinics don’t have to worry about it. An unencrypted iPhone that wasn’t password protected had PHI on it.     Patterson Dental Supply Inc. helps manage dental practice information for various providers. One of the clinics they help service is Massach...

Healthcare Data Breach Study - Ep 61

July 08, 2016 10:30 - 33 minutes - 45.5 MB

Since 2010, ID Experts has sponsored this Ponemon Institute study which has been tracking data breach trends of patient data at healthcare organizations. The annual economic impact of a data breach has risen over the past six years, as has the frequency of data breaches. Criminal attacks and internal threats are the leading cause of healthcare breaches. Evolving cyber attack threats such as ransomware and malware are of primary concern for 2016. At the same time, internal issues such as empl...

HIPAA Rules In A Crisis - Ep 60

July 01, 2016 10:30 - 30 minutes - 41.9 MB

As always, during times of crisis and chaos things do become confused and incorrect statements are made. It is a normal occurrence in troubling situations. But, we need to address it specifically to clear up a few points. There was no "special waiver from the White House". There was no need for one at all. People, even in a crisis, should not be invoking HIPAA over caring for the patient properly. The hospitals talked about implementing their crisis plan - why wasn't HIPAA addressed in ...

HIPAA, HHS, OCR, and PHI - Ep 59

June 24, 2016 10:30 - 42 minutes - 58 MB

Today’s podcast is a little different from our normal ones. We are covering a wide variety of subjects involving HIPAA, OCR, HHS, and PHI rather than one specific topic.   For more go to HelpMeWithHIPAA.com/59

Preventing Ransomware - Ep 58

June 17, 2016 10:30 - 35 minutes - 49 MB

Preventing ransomware is a major concern for every business today. If not, it should be. This episode covers understanding ransomware and methods for preventing it. Is ransomware a PHI breach? April record number of cases and not slowing down. 8 hospitals (more by the time we record) already hit. Training and vigilance is best defense. Ransomware attacks continue to evolve to be "smarter". For more see HelpMeWithHIPAA.com/58

HIPAA Policy and Procedure Templates - Ep 57

June 10, 2016 10:30 - 32 minutes - 45.1 MB

HIPAA policy and procedure templates seem to be a panacea to many people who are just trying to meet the standards and move on. However, these are not the droids you seek! Templates can be the basis for what you need to do but they shouldn't be the solution to the written policy and procedure requirements under HIPAA.   See HelpMeWithHIPAA.com/57

Malware Protection under HIPAA - Ep 56

June 03, 2016 12:31 - 47 minutes - 65.1 MB

Two reasons for today's topic: A question we received from a listener about understanding antivirus software and a news report about a malware scan that interrupted a medical procedure. Between those two cases it felt like it was time to discuss malware protection under HIPAA. Suzie from Savannah: I would like to have a podcast or a quick answer to the difference between anti-virus software releases and anti-virus definitions being up-to-date. I understand the AV definitions up to date but a...

New HIPAA Privacy Rules Guidance - Ep 55

May 27, 2016 10:30 - 46 minutes - 64 MB

We always look at the security rule aspects of HIPAA because they deal with the easier parts for people to deal with when it comes to lowering their risk, but today we are diving into some privacy rule guidelines, because there is new HIPAA privacy guidance that has just been published. Get more info at HelpMeWithHIPAA.com/55

HIPAA Access Log Audits - Ep 54

May 20, 2016 10:30 - 37 minutes - 52.1 MB

Recently, we ended up in several discussions about HIPAA access logs and what they really require with our clients. As per usual, any topic that comes up multiple times in my “real job” becomes a discussion for HMWH.  So, today we are talking about HIPAA access logs to attempt to clear up some confusion we have encountered.  There are multiple types of HIPAA access logs being created in most environments and you should be dealing with pretty much all of them in some manner. Get more at Hel...

What does a data breach cost? - Ep 53

May 13, 2016 10:30 - 41 minutes - 57.4 MB

We talked about OCR audits recently because they are in the news. The audit protocol is a perfect guide for developing and maintaining your HIPAA compliance programs. In fact, the audits have been a hot topic in the industry this month. However, the fact that only 200 audits will take place really means the audit protocol is more important as a guide for what your program should look like in the event you have a breach or complaint investigation. Statistically, you are much more likely to ...

Ep 52: HIPAA Podcast One Year Anniversary Interview

May 06, 2016 03:21 - 50 minutes - 68.7 MB

We really appreciate the support and feedback we have received for our little HIPAA podcast project known as Help Me With HIPAA.  This episode marks one complete year of weekly HIPAA podcasts (counting the special bloopers holiday episode).  We certainly learned a great deal since we started this little DIY project last year.  Granted, David was a convert to the idea much quicker than Donna.   Here we are one year later and our little HIPAA podcast is starting to gain some real momentum.  ...

Ep 51: Small Office HIPAA Compliance

April 29, 2016 10:30 - 43 minutes - 59.5 MB

We often talk about doing the "work" of compliance. Some people seem to have the attitude that all I need to do is some annual staff training and hand out a Notice of Privacy Practices to do small office HIPAA compliance. When we try to explain there is more to it than that we often get pushback about the requirements. We always hear comments like: we don't have time, we don't have resources, we can't be expected to do this. So, how DO you do small office HIPAA compliance? Today we are ...

Ep 50: Website Security Questions

April 22, 2016 10:30 - 37 minutes - 52 MB

Every website needs security. What questions should you be asking about your business websites and who should you be asking?  Website security can be an open hole in your security plans.  It can also be the source of lots of problems for your business if you don't pay attention to the site content or securing your message. More info on the website at helpmewithhipaa.com/50

Ep 49: New OCR Audit Protocol Review

April 15, 2016 03:56 - 45 minutes - 63 MB

The recent release of the new OCR audit protocol gives us new guidance on what they expect from HIPAA compliance programs.  There is a great deal of information to sift through if you are so inclined.  To make it easier for you we are discussing some of the details and things we have learned from reviewing it for you! So, here is our review of the new OCR audit protocol! For more details go to our website article helpmewithhipaa.com/49

Ep 48: Disaster Recovery for Flooding

April 08, 2016 10:30 - 36 minutes - 49.7 MB

In the first episode of the Disaster Recovery series we will be doing this year, we discuss disaster recovery planning for flooding. This episode is an interview with Ginger McCleish, who experienced a real-world flooding disaster recovery in the St. Louis, MO area in December 2015. Hear more at HelpMeWithHIPAA.com/48

Ep 47: Latest HIPAA Buzz

April 01, 2016 00:13 - 46 minutes - 64 MB

The latest HIPAA buzz is about things like Interoperability, Data Governance, Patient Access Rights, and, of course, OCR random audits.  Donna attended HIMSS and the National HIPAA Summit recently.  In this episode we discuss what kinds of things are happening in the industry relating to HIPAA. For more details visit our website at helpmewithhipaa.com/47

Ep 46: HIPAA Enforcement 2016

March 25, 2016 10:30 - 35 minutes - 48.1 MB

So far in 2016, we have seen four HIPAA enforcement cases resolved by OCR.  One involved only the second Civil Money Penalty ever assessed. The three others were resolution agreements.  Add those cases to what was done in 2015 and you have the most active 12 month period of HIPAA enforcement ever.  Certainly, the first quarter of 2016 has been the most active quarter ever when it comes to HIPAA enforcement announcements.   In this episode we discuss the cases resolved so far in 2016 and mo...

Ep 45: Why Do We Need HIPAA

March 18, 2016 10:30 - 38 minutes - 53.1 MB

Many times people ask: Why do we need HIPAA?  Is HIPAA really necessary?  The short answer is yes, we do need HIPAA and the reason is without it there is no baseline for protecting patient privacy.   Learn more at http://helpmewithhipaa.com/45

Ep 44: HIPAA Social Media Policies

March 11, 2016 11:30 - 41 minutes - 56.8 MB

Social media can be the source of many issues if you don't have a clear policy for use. HIPAA social media policies require some serious thought and commitment from your management staff. What things are a good use of social media and what things should be avoided through policy enforcement? Read more about HIPAA Social Media Policies at our website: helpmewithhipaa.com/44

Ep 43: Ransomware Response Planning

March 04, 2016 11:30 - 44 minutes - 60.9 MB

It is clear that HIPAA disaster recovery and business continuity plans should include some level of ransomware response planning after the attack that shut down Hollywood Presbyterian Hospital.  What kinds of issues should you expect and how can you mitigate the damage from a ransomware attack? Read more about our ransomware attack planning discussion on our website at helpmewithhipaa.com/43

Ep 42: PHI Locations In Your Organization

February 26, 2016 11:30 - 34 minutes - 46.8 MB

To be certain you are protecting the health information in your organization you must identify where it lives and moves about around the network and workforce.  A risk analysis can't be done properly without making that list first. Where should you look for PHI?  If you don't store it do you store access TO it?  Get more information for this podcast at HelpMeWithHIPAA.com/42

Ep 41: HIPAA Compliant Vendor Vetting

February 19, 2016 11:30 - 46 minutes - 64.4 MB

Trust but verify is the new standard when it comes to Business Associate relationships today. Yes, they must sign a BAA but you really need to ask some questions to confirm those BAs understand and are doing the things they have agreed to do for you. Covered Entities (CEs) haven't really worried about the details of the contracts too much as long as the vendors would sign them. Many vendors have signed, and continue to sign, BAAs without any concerns at all for what the contract actually...

Ep 40: Creating HIPAA Training Programs

February 12, 2016 11:30 - 36 minutes - 49.7 MB

Get all the details at HelpMeWithHIPAA.com/40

Ep 39: Cybersecurity Tips From The FBI - Check Your Security

February 05, 2016 11:30 - 31 minutes - 43.6 MB

More notes and links on the website at HelpMeWithHIPAA.com/39

Why HIPAA Is Important To You?

February 03, 2016 18:15 - 45 minutes - 62.7 MB

More details on our website  Also at the Atlanta's Most Trusted Advisors page: 

Ep 38: Clinical HIPAA Perspectives with The Nerdy Nurse

January 29, 2016 11:30 - 39 minutes - 54 MB

 Brittney Wilson, The Nerdy Nurse, joins us to discuss the clinical staff's HIPAA perspectives.   More details at helpmewithhipaa.com/38

Ep 37: PHI Breaches - 2015 Ends With A Bang!

January 22, 2016 02:05 - 31 minutes - 43.4 MB

More details at helpmewithhipaa.com/37

Ep 36: HIPAA Now An Element In Other Assessments

January 15, 2016 11:30 - 31 minutes - 43.4 MB

HIPAA may show up in areas you haven't seen before. If you are assessed by any other organization or for any other reason, HIPAA questions may start showing up. We have heard about it being brought up in many areas: Insurance Policy Applications, Partnership Negotiations, Funding discussions, and URAC accreditation (formerly known as the Utilization Review Accreditation Commission). This episode is a discussion on why it is showing up in other places and why we expect that trend to continue. ...

Ep 35: Breach Response Planning with ID Experts

January 08, 2016 11:30 - 43 minutes - 59.7 MB

ID Experts is in the business of dealing with privacy breaches.  They have a variety of incident response services and tools. We discuss breach topics with Jeremy Henley, Director of Breach Services, ID Experts in today's episode.   Detailed notes from the show can be found on our website at helpmewithhipaa.com/35

Ep 34: New Years Resolutions for Compliance Officers

January 01, 2016 11:30 - 31 minutes - 42.7 MB

New Years Resolutions can be simple commitments to yourself and your compliance program effectiveness.  When you have so many job responsibilities compliance often gets set to the side or "on the front left corner of my desk".  These tiny changes can help you keep things moving forward without forcing you to spend a day or two a week.   Detailed notes on the show can be found on our website at helpmewithhipaa.com/36

Episode 33: Holiday Special

December 25, 2015 11:30 - 9 minutes - 13.3 MB

Since this episode is being released on a holiday for all of us at Help Me With HIPAA, we are sharing a special blooper episode our audio editor Bojan Sabioncello created specially for us. When you hear our recordings from his perspective, you will see what a great job he does making us sound so professional.

Episode 32: 2015 HIPAA Gift Giving Guide

December 18, 2015 11:30 - 32 minutes - 45.2 MB

Compliance officers need all kinds of help to get their jobs done.  We came up with a list of ideas for gifts to help them out this holiday season. More details at helpmewithhipaa.com/32

Episode 31: Enforcement efforts by OCR should increase in 2016

December 11, 2015 11:30 - 30 minutes - 41.3 MB

Enforcement of HIPAA is changing. There are many indicators that make us believe that we will see a distinct uptick in OCR enforcement activity. The last two OIG reports say OCR isn't doing enough, the news points out issues with enforcement, and even Congress is getting in the mix. In this episode, we discuss why this makes us think you don't want to wait around to see IF OCR starts doing anything differently. More details at helpmewithhipaa.com/31
