We discussed this whole Alexa and HIPAA thing before. This week came the big announcement from Amazon that had headlines telling us that Alexa is HIPAA compliant with some slick new medical skills. Time to talk about her again. Let’s see what the announcement really said. While we are at it we will also look into the story that Amazon also has thousands of people sitting around listening to Alexa requests all day long. More info at HelpMeWithHIPAA.com/201...
Apr 26, 2019•47 min•Ep. 201
It is hard to believe we are recording our 200th episode. Some might even say it is close to a miracle that David and Donna could stay focused on one thing for this long. Probably very true. Our passion for what we do here is more than most people would think. We truly do believe that tagline we use in every episode: “HIPAA is not about compliance; it’s about patient care.” More at HelpMeWithHIPAA.com/200
Apr 19, 2019•53 min•Ep. 200
Medical record release is becoming a heated topic. There are several parties involved in the discussion. Of course, the patient and their rights to the medical record come first. Then, you have the providers trying to meet their obligations to supply the records. But, there are also lawyers and medical record release of information companies and, of course, OCR involved. Today we will try to make some sense out of the mess. More at HelpMeWithHIPAA.com/199...
Apr 12, 2019•57 min•Ep. 199
We come bearing news from the 2019 HIPAA Summit today. Officially, it was The 28th Annual National HIPAA Summit. The event happened in March in Washington, DC. Thankfully, they have offered a webcast option along with onsite attendance for years. I sat in on the HIPAA Summit sessions again via webcast and there is much to share. For more info go to HelpMeWithHIPAA.com/198
Apr 05, 2019•1 hr•Ep. 198
We are fans of the podcast DarkNet Diaries, “True stories from the dark side of the Internet”. Being fans explains why we are excited to have Jack Rhysider, the host of DarkNet Diaries, on the podcast with us today. Prepare to be surprised by some of these real hacker stories. More info at HelpMeWithHIPAA.com/197
Mar 29, 2019•51 min•Ep. 197
It is important to think about what could happen if one of your vendors is the reason you become another business listed in data breach statistics. Third-party data breaches can impact your business even when they don't involve your data. These stories show how many different angles you should use when reviewing their impact on your business. More info at HelpMeWithHIPAA.com/196
Mar 22, 2019•52 min•Ep. 196
John Miller, CEO of Sterling Seacrest Partners, was with us back at the beginning of our podcast experiment. Over 100 episodes ago, in February 2017 on episode 89, we first talked with him about cyber insurance policies. Today we’ve brought John back to discuss how cyber insurance coverage has changed over the last two years. More info at HelpMeWithHIPAA.com/195...
Mar 15, 2019•55 min•Ep. 195
Ransomware is getting scarier even if you don’t know it yet. It appears that the lull we enjoyed through the last bit of 2018 may be over. Not only are the incidents increasing but the mechanisms and ransom demands are changing. Yes, no matter how we looked at it we had to say ransomware is getting scarier than it has been since the beginning of 2018. More info at HelpMeWithHIPAA.com/194
Mar 08, 2019•45 min•Ep. 194
There are several recent studies and articles that discuss the world from the viewpoint of the people who have the cybersecurity roles in your IT staff. Their days are packed just trying to keep everything working and secure. As much as we have been after IT folks lately it is important to note that many times they take care of problems that you never even see. Today we are taking the time to remember that cybersecurity roles are tough. Really all IT roles involved in protecting our valuable inf...
Mar 01, 2019•53 min•Ep. 193
If you spend time every day worrying about the risks in using email, you might be a security professional. Email is very risky even if you don’t realize it. Imagine that you are just walking along a bridge safely. What you don’t realize is that the pit just a few inches below the bridge is filled with snakes, gators, and poison spikes. One small mistake could mean - dum, dah, dum, dum, duuummmm. Email is dangerous, seriously it is. More info at HelpMeWithHIPAA.com/192...
Feb 22, 2019•47 min•Ep. 192
OCR got to toot its own horn in a big press release on Feb 7. Not only did they announce another settlement that happened in December that we had not heard about, but they also recapped the record-setting year they had with enforcement cases in 2018. Time to learn from others' mistakes. More info at HelpMeWithHIPAA.com/191
Feb 15, 2019•37 min•Ep. 191
As with many things, HIPAA “experts” are everywhere. There is also a lot of misinformation, confusion, and downright bad advice being handed out by people who think they understand HIPAA more than they actually do. Wrong HIPAA statements can be found on a lot of discussion boards and just out in the world talking to people. We deal with those issues on a regular basis. Sometimes we can laugh about it. Other times we just have to take very deep breaths before we find ourselves responding inapprop...
Feb 08, 2019•49 min•Ep. 190
The Cybersecurity Act of 2015 (CSA) called for adapting our critical infrastructure to better handle cybersecurity issues using private and public partnerships. Section 405(d) of CSA calls for “Aligning Health Care Industry Security Approaches.” A task force has been working on doing that since May 2017. On December 28, 2018, they published the information we have been excited to see in their document Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP). Let’s...
Feb 01, 2019•47 min•Ep. 189
Let’s be #PrivacyAware in today’s episode. Privacy Day has been around for a while. It is an “international effort to empower individuals and business to respect privacy, safeguard data and enable trust”. At HMWH, we are all about trust here and certainly aim to empower those who are willing to respect privacy. For more info go to HelpMeWithHIPAA.com/188
Jan 25, 2019•45 min•Ep. 188
Passwords are a necessary evil in our online and digital world. There are lots of tools out there that help us deal with them but you have to use them every day in some way unless you are completely unsecured or off the grid. LastPass recently released an interesting report about the use of passwords. Let’s see what new trouble we can find in these details about our daily password battle and discuss some options we have found for dealing with them. More at HelpMeWithHIPAA.com/187...
Jan 18, 2019•37 min•Ep. 187
Today we cover the things we are keeping an eye on for 2019. Yes, it is 2019. I cannot believe how quickly we have gone through almost 2 decades of the 21st century. Our top 7 predictions for 2019 may not surprise you. But, that shouldn't stop us from throwing them out there. More at HelpMeWithHIPAA.com/186
Jan 11, 2019•47 min•Ep. 186
In case you have missed it, there have been several headlines about HIPAA changes in the last month. What is that all about and what should you worry about? Today we are discussing if HIPAA changes will be coming this year. Even better, we will tell you what we plan to do with the information. More at HelpMeWithHIPAA.com/185
Jan 04, 2019•53 min•Ep. 185
OCR continued to hand out settlements to close out 2018. These last few announcements came out so quickly vs normal rates it is definitely raining settlements! While these last two do pale in comparison to the huge Anthem settlement, they certainly bring home more messages. What lessons are they trying to teach us with the Florida and Colorado settlements announced in December? More info at HelpMeWithHIPAA.com/184
Dec 28, 2018•42 min•Ep. 184
Each year our Croatian sound editor, Bojan, compiles his favorite package of our issues to share his pain with our listeners. Listen in to hear how much he has to work to make us sound so much better than we should. Thanks, Bojan, for all the hard work! For all our listeners, Happy Holidays and thanks for your support this year and in the future!
Dec 21, 2018•9 min
The allergy practice settlement that was recently announced will be known as the “no comment” settlement in my mind. As always, there are lessons to be learned from this announcement and the way OCR handled it. This settlement brings up a lot of discussions about handling patient public comments. More at HelpMeWithHIPAA.com/183...
Dec 14, 2018•39 min•Ep. 183
There have been several announcements about cybersecurity agencies and offices lately. Some announcements are from the Department of Homeland Security (DHS) and some are from Health and Human Services (HHS). What are they talking about and what does it mean to you? More at HelpMeWithHIPAA.com/182
Dec 07, 2018•46 min•Ep. 182
It is hard to believe we are coming to the end of another year. Seems like just yesterday we recorded 7 Educated Guesses About 2018. Today we review our 2018 predictions, ummmm, educated guesses for 2018 and see how we did. More info at HelpMeWithHIPAA.com/181
Nov 30, 2018•45 min•Ep. 181
This holiday we are both taking time off to celebrate with our friends and families. In our absence, please enjoy a replay of our previous Gift Giving Guide for compliance officers.
Nov 23, 2018•34 min
Listener message potpourri means we will be hitting several different topics in this episode. We get emails and messages from listeners a lot these days. While we do our best to respond we can't say we are consistent. That is why we do these episodes periodically. If we've missed yours, don't hesitate to point it out to us in another message. More info at HelpMeWithHIPAA.com/180
Nov 16, 2018•50 min•Ep. 180
In the recent NIST OCR security conference, a panel member said the terms “HIPAA compliant” and “HIPAA certified” made her cringe. We agree. The Anthem settlement has a lot of people asking about certifications for cybersecurity since Anthem was technically HITRUST Certified when the hacker first broke into their network. Let’s talk certifications and what they really mean under HIPAA, shall we? More info at HelpMeWithHIPAA.com/179
Nov 09, 2018•30 min•Ep. 179
The 2015 Anthem data breach could have been a watershed moment for HIPAA privacy and security in many ways. It remains to be seen if the settlement with OCR turns out to be another one. Either way, the historic breach and historic settlement have many lessons for us to learn. Let's discuss Anthem settlement lessons today. More info at HelpMeWithHIPAA.com/178
Nov 02, 2018•46 min•Ep. 178
Time for the annual Halloween episode! 5 horror movie quotes are this year’s theme. We have 5 horror movie quotes that are matched up to data breach stories. More info at HelpMeWithHIPAA.com/177
Oct 26, 2018•37 min•Ep. 177
We are #CyberAware is the tag for the National Cybersecurity Awareness Month campaign. Each year this campaign is run by the National Cybersecurity Alliance. In 2018, Kardon, Security First IT, and HMWH are all signed up to be champions and publish information for the campaign. Today, we will review what these campaigns are about and how you can use these and more like them to augment your education program. More at HelpMeWithHIPAA.com/176...
Oct 19, 2018•51 min•Ep. 176
What should we learn from the recent OCR settlement? This time it was three settlements in one that related to a fourth. There is more here than the headline-grabbing dollar amounts. These settlements are the best specific guidance you can get from OCR. As always, we do the analysis for you! For more info go to HelpMeWithHIPAA.com/175
Oct 12, 2018•43 min•Ep. 175
Often tech folks will say that they understand HIPAA. What that really means is that they understand the technical requirements of HIPAA. The overconfidence sometimes works against them. Today we cover 3 stories tech should hear. It is important that they learn there is more than just their tech knowledge.
Oct 05, 2018•47 min•Ep. 174