Help Me With Hipaa

Maturity is something we expect from respected folks or grown folks but what about your privacy and security program, do you check it’s maturity?  You have all of these plans, policies, procedures, and training but is it actually meeting your needs? Time to talk maturity assessments. More at HelpMeWithHIPAA.com/206

The latest HIPAA violation settlement with OCR was announced recently.  Ironically, the settlement with Touchstone Medical Imaging was for $3,000,000 and announced just after the reduction of maximum penalties was announced by HHS.  Just how bad was this violation to get hit with this level of penalties plus the 2-year corrective action plan? More at HelpMeWithHIPAA.com/205

Headlines everywhere are telling us all that the HIPAA penalties are being “slashed” or “capped” or “reduced”.  What is the real story and what does it mean to the rest of us? Great time to talk about what you should consider if you think you will be facing any HIPAA penalties. More info at HelpMeWithHIPAA.com/204

We have talked many times about vetting business associates.  When people talk about supply chain security it isn’t just the business associate you contract with you have to worry about.  It is all the vendors that they use. Today we are going to review 3 supply chain stories that explain how complex your supply chain unbeknownst to you. More at HelpMeWithHIPAA.com/203

We are all being watched. Cameras are everywhere today. With the advent of dashcams, home security camera systems, CCTV in cities and businesses we are caught on camera somewhere every day. What does that mean when you have privacy concerns to address like, I don’t know, HIPAA? More info HelpMeWithHIPAA.com/202

We discussed this whole Alexa and HIPAA thing before.  This week came the big announcement from Amazon that had headlines telling us that Alexa is HIPAA compliant with some slick new medical skills. Time to talk about her again.  Let’s see what the announcement really said.  While we are at it we will also look into the story that Amazon also has thousands of people sitting around listening to Alexa requests all day long. More info at HelpMeWithHIPAA.com/201

It is hard to believe we are recording our 200th episode. Some might even say it is close to a miracle that David and Donna could stay focused on one thing for this long. Probably very true. Our passion for what we do here is more than most people would think. We truly do believe that tagline we use in every episode “HIPAA is not about compliance; it’s about patient care.”. More at HelpMeWithHIPAA.com/200

Medical record release is becoming a heated topic.  There are several parties involved in the discussion.  Of course, the patient and their rights to the medical record comes first.  Then, you have the providers trying to meet their obligations to supply the records.  But, there are also lawyers and medical record release of information companies and, of course, OCR involved.  Today we will try to make some sense out of the mess. More at HelpMeWithHIPAA.com/199

We come bearing news from the 2019 HIPAA Summit, today. Officially, it was The 28th Annual National HIPAA Summit. The event happened in March from Washington, DC. Thankfully, they have offered a webcast option along with onsite attendance for years. I sat in on the HIPAA Summit sessions again via webcast and there is much to share. For more info go to HelpMeWithHIPAA.com/198

We are fans of the podcast DarkNet Diaries, “True stories from the dark side of the Internet”.  As fans, it explains why we are excited to have Jack Rhysider, the host of DarkNet Diaries, on the podcast with us today.  Prepare to be surprised by some of these real hacker stories. More info at HelpMeWithHIPAA.com/197

It is important to think about what could happen if one of your vendors is the reason you become another business listed in data breach statistics. Third-party data breaches can impact your business even when it doesn't involve your data. These stories show how many different angles you should use when reviewing their impact on your business. More info at HelpMeWithHIPAA.com/196

John Miller, CEO of Sterling Seacrest Partners, was with us back at the beginning of our podcast experiment. Over 100 episodes ago, in February 2017 on episode 89, we first talked with him about cyber insurance policies. Today we’ve brought John back to discuss how cyber insurance coverage has changed over the last two years. More info at HelpMeWithHIPAA.com/195

Ransomware is getting scarier even if you don’t know it yet.  It appears that the lull we enjoyed through the last bit of 2018 may be over.  Not only are the incidents increasing but the mechanisms and ransom demands are changing.  Yes, no matter how we looked at it we had to say ransomware is getting scarier than it has been since the beginning of 2018. More info at HelpMeWithHIPAA.com/194

There are several recent studies and articles that discuss the world from the viewpoint of the people who have the cybersecurity roles in your IT staff. Their days are packed just trying to keep everything working and secure. As much as we have been after IT folks lately it is important to note that many times they take care of problems that you never even see. Today we are taking the time to remember that cybersecurity roles are tough. Really all IT roles involved in protecting our valuable information resources are tough jobs. It takes everyone to defend our data so your cybersecurity team needs your support! More details at HelpMeWithHIPAA.com/193

If you spend time every day worrying about the risks in using email, you might be a security professional.  Email is very risky even if you don’t realize it.  Imagine that you are just walking along a bridge safely.  What you don’t realize is the pit that is just a few inches below the bridge is filled with snakes, gators, and poison spikes.  One small mistake could mean - dum, dah, dum, dum, duuummmm.  Email is dangerous, seriously it is. More info at HelpMeWithHIPAA.com/192

OCR got to toot its own horn in a big press release on Feb 7.  Not only did they announce another settlement that happened in December that we had not heard about but they also recapped the record-setting year they had with enforcement cases in 2018. Time to learn from other's mistakes. More info at HelpMeWithHIPAA.com/191

As with many things, HIPAA “experts” are everywhere.  There is also a lot of misinformation, confusion, and downright bad advice being handed out by people who think they understand HIPAA more than they actually do.  Wrong HIPAA statements can be found on a lot of discussion boards and just out in the world talking to people. We deal with those issues on a regular basis. Sometimes we can laugh about it.  Other times we just have to take very deep breaths before we find ourselves responding inappropriately. Our intent here is to educate, always educate even when you are dealing with someone that may not know they need educating. More at HelpMeWithHIPAA.com/190

The Cybersecurity Act of 2015 (CSA) called for adapting our critical infrastructure to better handle cybersecurity issues using private and public partnerships.  Section 405(d) of CSA calls for “Aligning Health Care Industry Security Approaches.”  A task force has been working on doing that since May 2017.  On December 28, 2018, they published the information we have been excited to see in their document Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP).  Let’s review this important information, shall we? More info at HelpMeWithHIPAA.com/189.

Let’s be #PrivacyAware in today’s episode.  Privacy Day has been around for a while. It is “international effort to empower individuals and business to respect privacy, safeguard data and enable trust”.  At HMWH, we are all about trust here and certainly aim to empower those who are willing to respect privacy. For more info HelpMeWithHIPAA.com/188

Passwords are a necessary evil in our online and digital world.  There are lots of tools out there that help us deal with them but you have to use them every day in some way unless you are completed unsecured or off the grid.  LastPass recently released an interesting report about the use of passwords. Let’s see what new trouble we can find in these details about our daily password battle and discuss some options we have found for dealing with them. More at HelpMeWithHIPAA.com/187