DiscoverHelp Me With HIPAA
Help Me With HIPAA
Claim Ownership

Help Me With HIPAA

Author: Donna Grindle and David Sims

Subscribed: 56Played: 1,025


In today's environment of data breaches, identity theft, fraud, and increasing connectivity, HIPAA Privacy and Security rules are a responsibility to your patients and your clients. HIPAA isn't about compliance, it's about patient care.
242 Episodes
OCR has been busy closing out investigations lately.  They announced 2 more enforcement actions in early November.  One was a settlement in NY, but the other was a civil money penalty with Texas HHSC. Let’s review these 2 new OCR enforcement actions to see what we need to learn from the details released. More info at
Happy Thanksgiving from the HMWH team.  Since we just talked with Erik Decker the last two weeks about HICP it seemed fitting that our Thanksgiving replay this year is the discussion we had about our initial review of HICP earlier in 2019.  That was episode 189. Thanks for listening and enjoy the Holiday season!
Today we share part 2 of our Erik Decker HICP discussion.  Learn about more tools for small and medium organizations. The 405(d) Task Group has more work to do so learn ways you can help spread the word about using these tools to improve healthcare cybersecurity.  We even ask how we can all help promote cybersecurity awareness and HICP to improve the healthcare cybersecurity.
We covered the release of HICP or Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients back in Feb in the episode we called 5 Threats and 10 Protection Practices – Ep 189.  HICP has now been out for a bit and the next phases of the project are in process.  Today we discuss all things HICP with Erik Decker who is the Health Sector Coordinating Council Co-Lead of the 405(d) Task Group that developed this tool to help our sector follow solid cybersecurity practices. More info at
HIPAA penalties are always discussed in training and presentations about HIPAA.  Those discussions are usually more about an overview of what is in the law than actual information on how the law is applied.  HIPAA penalties are really not seen often. Civil money penalties are not part of the settlements we usually see but OCR announced a big one in October.  How do they really apply those huge numbers everyone talks about but we never see? More info at
HIPAA is the Floor - Ep 228

HIPAA is the Floor - Ep 228


The annual conference hosted by NIST and OCR Safeguarding Health Information: Building Assurance through HIPAA Security and the repeated message on day one of the conference was “HIPAA is the floor” which started with OCR Dir Severino’s keynote. We always get information at some point that makes these conferences worth the time. What did we get from this one?  More info at
As is our custom, each year we have a halloween-themed episode. This year we are thrilled to bring you several very real Tales From The Dark Side Of HIPAA.  Thanks to our friend, Jack Rhysider from DarkNet Diaries for recording our haunting lead-in! More info at
Social media and PHI get the OCR spotlight in the latest settlement announced.  Reading these settlement agreements provide the best guidance from OCR which is why we always take the time to get those details for you.  How much have you considered about your social media policies and how your staff understands their responsibilities? More info at
Bad luck breaches? - Ep 225

Bad luck breaches? - Ep 225


Is there such a thing as bad luck breaches?  Most of us don’t expect luck to rule our world although I will always take good luck if I can get it.  But when bad things happen sometimes we say it is due to a string of bad luck. Can data breaches be due to one of those strings of bad luck? For more info go to
The first patient access settlement has been announced by OCR.  Director Severino mentioned they would be putting an emphasis on this issue and we now have the first enforcement come through.  What should you learn from this settlement? It included some interesting corrective action requirements. More
January 14, 2020 marks the end of life for Windows 7 and Windows 2008 operating systems. Have you done your SRA to make sure you have things covered? What about home computers, should you be worried about those? In this episode we review what this end of life for Windows OS means and what you should be doing in the 4th quarter of 2019 to prepare for it. More at
We always talk about the need for a culture of compliance or culture of privacy and security. Today we talk about 6 things you notice when you have built a culture of compliance. The 6 comes from 3 x 2 which means there is clearly no rhyme or reason for the selection today. More at
When working on a plan for this episode I had two different sources drop some insider breach issues in my lap.  When I added those to the news stories we are already following involving insider issues, it was clear the topic was meant to be.  Multiple cases and reports are out — the topic I must cover is because I am reading about insider breaches everywhere around me. More at
October is National Cybersecurity Awareness Month (NCSAM) and it is a perfect tool to feature security awareness with your workforce and clients.  You can not beat an opportunity to run a month long awareness program that provides EVERYTHING you need for free.  Today we discuss what the program includes and how to use it in your office. More at
We discussed the patient rights to access medical records a few episodes ago.  Since then, a new study came out that says a majority of providers are not complying with patient medical records requests.  I have also gotten more questions about law firms demanding to pay only $6.50 for medical records requests. We are  discussing these issues with specifics about fees for patient requests in this episode. More at
When you work with outsourced IT or Managed Service Providers (MSPs) you need to vet them closely to make sure they truly do understand what HIPAA requires from your organization.  Here are seven questions to ask your IT team about HIPAA. For more info go to
The Ponemon Institute has produced an annual study of data breach costs. This is the 14th year. We have used it as a guide for a lot of information over the years. The data has consistently been helpful for us to understand what are the key drivers in data breach costs, remediation, and response. If you can find what the major factors include, it is a great way to determine your priorities in investing resources with the biggest impact. Let’s see what we learned from the 2019 version sponsored by IBM. More info at  
Who is a business associate? A listener asked for an episode on it. Turns out we haven't done one since episode 2.  Wow! So, maybe there is more we have to add to that topic in 2019 after 214 other episodes.  Today, let’s talk about how to determine who is your Business Associates or BA. More info at
We have gotten a flurry of listener questions and comments lately.  Since it is so much easier to do an episode based you listener questions that writing up a whole plan we are definitely doing those today.    We really do read and respond to as many as we can. So here we go. More info at
If you haven’t heard of it before there is a thing called the California Consumer Privacy Act (CCPA).  It is considered the first version of a GDPR-type legislation on this side of the pond.   It becomes effective Jan 1, 2020. There are many folks that think the CCPA isn’t something for them to worry about.  Well... Maybe you should take a second to reconsider that position. More at
Download from Google Play
Download from App Store