Synopsis
HelpMeWithHIPAA.com is a collaboration between Kardon Compliance founder Donna Grindle and HIPAAforMSPs.com founder David Sims. Our mission is to share our Privacy and Security knowledge with those who are required to understand, implement, and manage the complex Privacy and Security requirements of HIPAA compliance. Our work with CEs and BAs inspired us to launch the service to provide information about the complex requirements of HIPAA in a relaxed manner, without using too much legalese or geek speak. As the podcast progresses we will cover topics that include sorting through the requirements as well as real-world examples of the procedures used, both good and bad. Join us as we do our best to create a show where HIPAA and humor collide!
Episodes
- Cybersecurity Naughty List 2017 - Ep 133
  15/12/2017 | Duration: 36 min
  As 2017 comes to a close, we are making our lists and checking them twice. Time to find out who we thought was more naughty than nice this year. The Naughty List 2017 discussion includes everything from big news data breaches such as Equifax and Uber down to stolen hard drives and password issues. Feel free to add your naughty list nominations in the comments. More info at HelpMeWithHIPAA.com/133
- Five Phishing Findings From Google - Ep 132
  08/12/2017 | Duration: 51 min
  A new report on phishing was recently released, titled "Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials". It presents the findings of a study done by Google, the University of California, Berkeley, and the International Computer Science Institute: a year-long study of account hijacking, stolen credentials, phishing and malware attacks. The findings are clear that phishing is a problem in ways we may not have thought of before now. In the study, the researchers followed the hacker methods used against email addresses they found for sale on darknet sites. The search netted 12.4 million addresses that were determined to be potential victims of phishing kits, out of the total of 1.9 billion usernames and passwords exposed by data breaches. So, it is obvious that this isn't a tiny study over a short amount of time. For more info go to HelpMeWithHIPAA.com/132
- SOC2 certification is not HIPAA compliance - Ep 131
  01/12/2017 | Duration: 47 min
  Recently, we have dealt with our clients struggling with vendors in the vetting process, particularly tech vendors of any sort. Many vendors have written off the HIPAA compliance requirements by simply saying "We are SOC2 compliant so you don't have to worry about anything". Often that is said by sales and management folks with a great deal of confidence. After spending some time at a recent HITRUST meeting, I heard just how many people shouldn't be so confident when making that statement. As with anything else, the devil is in the details. What does SOC2 mean, and how can you tell if that really means anything to you? Trust but verify is the key to answering that question for yourself. More info: HelpMeWithHIPAA.com/131
- Black Friday Replay 8 Common HIPAA Myths
  24/11/2017 | Duration: 46 min
  We are enjoying the holiday with our families. But, we didn't want to miss a chance to share time with our listeners. Today we are replaying one of our favorite episodes, 8 Common HIPAA Myths.
- 5 Things To Do Before Year's End - Ep 130
  17/11/2017 | Duration: 44 min
  Hard to believe another year is coming to an end. It is time to review 2017 and plan for 2018. That means it is time to make your list of 5 Things To Do Before Year's End. Just in case you need some help with that list, we made one for you! HelpMeWithHIPAA.com/130
- Text messaging is not secure by default - Ep 129
  10/11/2017 | Duration: 40 min
  Text messaging is often the preferred method of communication for many people today. It does have great advantages with its simplicity, instant delivery, and convenience. However, I did not mention security on that list. Text messaging is not secure by default. Yes, you can secure it, but that requires apps, platforms, and planning. The bottom line is that the communication method most people call text messaging is not secured enough to send and receive PHI without patient authorization to use it. For more info HelpMeWithHIPAA.com/129
- Is there a cyber storm brewing? - Ep 128
  03/11/2017 | Duration: 51 min
  Lately, there have been a lot of articles in the "nerd news" services about various problems and vulnerabilities looming on the horizon or happening right now. Usually, there are one or two in a normal week or so that really get our attention. The last few weeks, though, it seems a bit different. Maybe it is just noise or paranoia created to drive traffic to sites. But, sometimes it becomes overwhelming enough that it is worth taking time to step back, look at the details as a whole, and determine what you are really seeing. So, today we discuss: is there a cyber storm brewing on the horizon? More info at HelpMeWithHIPAA.com/128
- HIPAA Horror Stories V3 - Ep 127
  27/10/2017 | Duration: 35 min
  Each year we have done a special scary episode for Halloween. Last year we took you on a tour of a haunted house. This year for HIPAA Horror Stories V3 we get to hear a campfire horror story. So gather around and hear how scary HIPAA mishaps can be for us all! For more info go to HelpMeWithHIPAA.com/127
- Social Media, Marketing, and HIPAA - Ep 126
  20/10/2017 | Duration: 49 min
  When it comes to social media, marketing, and HIPAA, things can get a little dicey. There are certainly many cases where using social media has gone awry in health care. However, when handled correctly, you can actually use social media, marketing, and HIPAA in a sentence without getting chills down your spine. Today, Janet Kennedy joins us for a discussion on the positive reasons you should be active on social media and the precautions you should take to make sure everything stays in a positive light. More at HelpMeWithHIPAA.com/126
- On-boarding and Termination Checklists - Ep 125
  13/10/2017 | Duration: 48 min
  The onboarding and termination processes are where many of the mistakes are made that lead to security incidents and even reportable breaches. Today we discuss why checklists for these processes are important and the kinds of things you should consider including in yours. For more information HelpMeWithHIPAA.com/125
- Talk To The Boss About HIPAA - Ep 124
  06/10/2017 | Duration: 44 min
  How do you talk to the boss about HIPAA? That is a regular question we get around here. The staff responsible for compliance gets trained and understands what needs to be done, but they don't get leadership support. Over the years we have had to have those conversations many times. It is never easy, but there are some key pointers to gaining ground with your argument and turning the tide toward supporting your efforts. Today we cover a few of our ideas on how to broach the subject effectively when you need to talk to your boss about HIPAA. More details at HelpMeWithHIPAA.com/124
- OCR Audit Updates Phase 2 - Ep 123
  29/09/2017 | Duration: 35 min
  During the NIST OCR HIPAA Security Conference we covered in the last two episodes, there was also a session on OCR Audit Updates. OCR gave an update on the information gleaned so far from the compliance desk audits that were started in 2016. Their presentation included some interesting details. Today we cover the information they shared so you can compare and contrast those details against your own program. For more details HelpMeWithHIPAA.com/123
- NIST and OCR Security Conference Part Deux - Ep 122
  22/09/2017 | Duration: 56 min
  This is the second episode covering the things David has to share from the Safeguarding Health Information conference. There are many great points he picked up. As we review them we keep coming back to the reminder that HIPAA is about patient care now. Join us as we discuss everything from ransomware requirements to security for a small practice on this episode. More info at HelpMeWithHIPAA.com/122
- NIST and OCR Security Conference - Ep 121
  19/09/2017 | Duration: 48 min
  The annual NIST and OCR security conference has come around again. This year, David attended the conference via webcast and shares his notes on the first day of the conference. Before the conference discussion, we have to touch on the announcement from Equifax about their HUGE data breach. For more information go to HelpMeWithHIPAA.com/121
- Disaster Recovery Preparations - Ep 120
  08/09/2017 | Duration: 42 min
  We recorded this episode on the day that Harvey was hitting Houston and had no idea just how bad that disaster would eventually become for those on the Gulf Coast. On the day we publish this episode, we are both personally involved in the evacuations and preparations in advance of Irma. She is forecast to hit Florida, Georgia, and the Carolinas in the next few days. The timing for this discussion could not be more appropriate from a news perspective, but this planning should have already taken place prior to this date for those in the paths of these deadly storms. As you listen to this episode, know that we had no idea just how bad things were about to become for the millions of people under the stress of these major natural disasters. Take care in your planning now: even if you haven't been in these areas, your turn may be next, and there is no way you want to be dealing with anything similar without a plan. What do you have in your disaster recovery plans? For more info HelpMeWithHIPAA.com/120 Email us at cont
- Should I use a local, data center, or cloud server? - Ep 119
  01/09/2017 | Duration: 53 min
  Every time we discuss server security issues, it opens a debate about where the best place to keep your servers is. There are three options, and we are going to discuss them today: local hosting vs. data center hosting vs. cloud servers under HIPAA. For more details HelpMeWithHIPAA.com/119 email us: contact@helpmewithhipaa.com
- What is reasonable and appropriate? - Ep 118
  25/08/2017 | Duration: 42 min
  What is reasonable and appropriate? The HIPAA legal reference and guidance mentions "reasonable and appropriate" all over the place. Many times that concept creates confusion. How do you determine what is reasonable or appropriate for any environment? More at HelpMeWithHIPAA.com/118
- Alexa Plus HIPAA Plus Other Questions - Ep 117
  18/08/2017 | Duration: 46 min
  Can a doctor have Alexa in the OR to play music? Is it a HIPAA violation for staff to look at their own records, or is it an internal policy violation? I am a small-company BA; do I really have to meet all of the HIPAA compliance requirements? If I know my upstream BA or CE isn't following their HIPAA compliance obligations, what am I legally obligated to do? Why would you make daily copies of your visitor logs? More info at HelpMeWithHIPAA.com/117
- Security Incident Investigations Find More Than Expected - Ep 116
  11/08/2017 | Duration: 43 min
  Sometimes following the news lets you find things like security incident investigations with interesting details. But, these cases were different from most. Even better than that, we learned how a fish tank can help hackers! There were just too many parts of these stories that got my attention to pass them up. When something occurs and the investigation uncovers far more of the story than you normally see, we should all learn from it. More details at HelpMeWithHIPAA.com/116
- Incident Response Plans V2 - Ep 115
  04/08/2017 | Duration: 45 min
  Incident response plans have been a topic of our show several times. But, these days we just can't get enough of a good thing! Actually, there is a reason we are covering it in this episode. I was reviewing a Business Associate due diligence questionnaire from a software provider. In the questionnaire, we always ask whether the vendor has a written incident response plan and a trained incident response team. They responded Yes, with a comment of "we have an engineering department". More info at HelpMeWithHIPAA.com/115