Help Me With Hipaa

AI just leveled up, and we’re here to talk about it! In this episode, we dive into DeepSeek—the AI model that shook up the stock market, gave OpenAI a run for its money (literally), and is both insanely cheap to run and totally open-source (which is equal parts exciting and terrifying). We also break down the rise of deepfake scams, AI’s growing role in cybersecurity, and why you should probably question everything you see and hear online. If you love tech, security, and a healthy dose of paranoia, buckle up—this one’s for you! More info at HelpMeWithHIPAA.com/497

Imagine leaving your front door wide open in a neighborhood full of burglars, then acting shocked when your TV disappears. That’s basically what’s happening in healthcare cybersecurity. This week, we’re talking about why hackers are running rampant, how small healthcare practices are prime targets (no, you’re not “too small to matter”), and what basic security steps can actually make a difference. Spoiler alert: Ignoring the problem won’t make it go away.   More info at HelpMeWithHIPAA.com/496

If you’ve ever wondered what it’s like to scream into the cybersecurity void, this episode might feel oddly relatable. We dive into why “bare minimum” isn’t a security strategy—it’s more like playing Russian roulette with your data. From regulatory head-scratchers to the harsh reality that a “bare minimum” security strategy is about as effective as locking your front door while leaving the windows wide open, this episode is your wake-up call, packed with sharp insights, analogies involving go-karts on the interstate, and the occasional frustrated sigh. More info at HelpMeWithHIPAA.com/495

If ignoring cybersecurity was a sport, some companies would be gold medalists—until they realize the prize is a hefty fine and years of regulatory headaches. It’s like leaving your car unlocked in a sketchy part of town with a neon sign that says, “Free Stuff Inside.” What could possibly go wrong? Well, in this episode, we break down six real-life cases that prove skimping on security is way more expensive than just doing it right in the first place. From ransomware attacks to patient right of access failures, we’re diving into what went wrong, why it happened, and—most importantly—how you can avoid becoming the next cautionary tale. More info at HelpMeWithHIPAA.com/494

Buckle up, folks, because this week’s episode is a wild ride through the Cavity of Lies—where HIPAA violations, ransomware attacks, and outright absurdity collide. What happens when a dental group tries to sweep a massive breach under the rug (or, you know, hide servers in bathrooms)? Let’s just say it doesn’t end well. From a 3-year-long cover-up to servers stored in all the wrong places, we’ve got lies under oath, policies that might as well be urban legends, and enough bad decisions to make you cringe harder than hearing the dentist say “we need to talk about your flossing habits.” More info at HelpMeWithHIPAA.com/493

Hold onto your compliance hats—big changes are brewing for HIPAA’s Security Rule! The Notice of Proposed Rulemaking (NPRM) is officially out for public comment, and it’s clear HHA and OCR are on a mission to modernize and tighten the safeguards for electronic protected health information (ePHI). From clarifying risk analysis expectations to making security requirements less, well, “vague,” these updates aim to bolster patient safety and data protection while keeping pace with today’s tech-driven world. But with great updates come great responsibilities for covered entities and business associates alike, so now’s the perfect time to weigh in and help shape the final rule before it’s set in stone. More info at HelpMeWithHIPAA.com/492

Ready to kick off 2025 with a bang? We’re diving into the must-dos for your Q1 2025 compliance and cybersecurity checklist, sprinkling in some risk management wisdom, and why Windows 10 is about as fashionable as shoulder pads in the 2020s. Plus, we sprinkle in a hearty dose of snark to keep you entertained while you get your compliance game strong. Oh and if your incident response plan is just “hope for the best,” it’s time to tune in. More info at HelpMeWithHIPAA.com/491

Ah, supply chain attacks—the gift that keeps on giving... headaches, fines, and catastrophic data breaches. In this episode, we unwrap three cautionary tales of organizations caught in the tangled web of digital supply chain chaos. From unpatched vulnerabilities and sneaky software backdoors to hackers casually buying network access like it’s an eBay auction, each story serves up a hard truth: you don’t want to be part of a supply chain attack, you don’t want to have a supply chain attack, and you definitely don’t want to delay dealing with a supply chain attack. So grab your metaphorical flashlight and let’s go spelunking into the murky caves of cybersecurity mishaps. More info at HelpMeWithHIPAA.com/490

It’s the final countdown, folks—the last episode of the year! And OCR decided to end 2024 with a bang, handing out settlements like candy at a Christmas parade. But here’s the twist: the candy comes with a price tag, and it’s not cheap. This episode hones in on OCR’s new enforcement initiative targeting incomplete and outdated risk analyses. So, before you pop the champagne, let’s make sure your SRA isn’t a ticking compliance time bomb. More info at HelpMeWithHIPAA.com/489

Welcome to the 2024 Blooper Show, where we prove once again that even after nine years, perfection is overrated and laughter is mandatory! Big shoutout to Bojan, our long suffering audio engineer extraordinaire, who turns our chaos into coherence. And of course, we can’t forget you—our amazing listeners—who tune in each week, send us your thoughts and questions, and share the chaos with your friends. Cheers to you for making this madness worth it! More info at HelpMeWithHIPAA.com/2024blooper

Cybersecurity incidents can feel like a punch in the gut, but with the right plan, you can roll with the hits instead of flailing in panic. In this episode, we’re diving into executive strategies for tackling the unexpected, from building response teams to keeping business operations afloat when chaos strikes. Along the way, we also cover a recent corrective action plan that serves as a cautionary tale for getting your protocols in order before trouble comes knocking. This is your go-to guide for staying cool when the heat is on! More info at HelpMeWithHIPAA.com/488

Is your healthcare organization ready for a triple threat, or are you playing a risky game of cybersecurity roulette with delayed access, ransomware demands, and a missing incident response plan? Today, we explore three tales in healthcare that are equal parts cautionary and compelling. We kick things off with the Healthcare and Public Health Sector Coordinating Council’s shiny new cyber incident response checklist—aka your cheat sheet for keeping calm in the face of chaos. Then, we give you the juicy details of a hefty civil money penalty slapped on a healthcare entity for dragging their feet on providing patient records (spoiler alert: patience isn’t a virtue when it comes to HIPAA). Finally, we unravel the saga of a ransomware attack that not only encrypted data but also emptied some wallets. Whether you’re here to learn, laugh, or just feel better about your own compliance game, this episode’s got you covered. Buckle up, because the HIPAA ride is wild! More info at HelpMeWithHIPAA.com/487

Feeling thankful this season? Us too—especially when it comes to dodging data disasters! In this episode, Donna and David dive headfirst into some eyebrow-raising cybersecurity tales, from job application breaches exposing sensitive information to the ever-creepy risks of unsecured IoT devices (yes, even your vacuum might be plotting against you). Whether it’s researchers discovering unsecured data files or hackers turning robot vacuums into racially inappropriate terrors, we’re reminded to never take our digital safety for granted. Grab your popcorn (or an encrypted snack, if that’s a thing) and join us as we talk about what it means to truly be grateful for solid security practices this year. More info at HelpMeWithHIPAA.com/486

Doing a half-baked risk analysis is like locking your front door but leaving all the windows wide open. What’s the point?  Today, we dive into the first-ever Security Risk Assessment (SRA) violation settlement—a juicy topic for compliance nerds and healthcare pros alike. We’re talking ransomware, compliance checklists (the kind you actually need), and why a “kinda-sorta risk analysis” isn’t going to cut it with the OCR. Along the way, we’ll break down the $90K fine, the three-year corrective action plan, and what this means for everyone still winging their HIPAA risk assessments. Time to up your game folks! More info at HelpMeWithHIPAA.com/485

Buckle up for Part 2 of our breakdown on the HHS OCR NIST healthcare security conference - because, yes, 16 hours of deep dives into AI, HIPAA compliance, and cybersecurity priorities can’t be tackled in just one episode! From wild projections about AI’s future in healthcare to OCR’s “tough love” on compliance standards, this episode peels back the curtain on the big decisions shaping healthcare data security. It’s a whirlwind tour through risks, regulations, and the occasional debate on why “just doing it the old way” won’t cut it anymore. Let’s get into it! More info at HelpMeWithHIPAA.com/484

Buckle up, folks! Today, Donna and David are here with Part 1 of their deep dive into the recent HHS OCR NIST healthcare security virtual conference, and they're spilling all the cyber-tea. With experts from HHS, OCR, NIST, FTC, and FDA presenting, this conference covered a ton. From AI-powered hackers and QR code scams to unpatched medical devices and a spike in supply chain attacks, the discussions centered on what it takes to keep healthcare data and devices secure in a constantly evolving threat landscape. Wondering why healthcare data security feels like a game of whack-a-mole? Tune in to find out! More info at HelpMeWithHIPAA.com/483

Ever heard someone say you need a pen test but then start wondering if they meant a pen from a spy movie? There typically is a lot of confusion between penetration testing and vulnerability assessments—a common mix-up with big consequences for your cybersecurity game. We will walk through different types of pen tests, explain how they help you spot weaknesses before the bad guys do and tackle why continuous vulnerability management can save you from surprises. Whether you’re building up your defenses or simply trying to keep up with best practices, this episode is packed with insights on staying ahead of cyber threats, one test at a time. More info at HelpMeWithHIPAA.com/482

Ever had a root canal that felt less painful than dealing with bureaucracy? Well, buckle up, because in this episode, we sink our teeth into the 50th patient right of access enforcement action under HIPAA. That’s right—50 cases since 2019, and somehow, this one involving Dr. Gumb (yes, really) and a dental records dispute is the most absurd of the bunch. From a refusal to hand over records to racking up government fines like trading cards, this saga is a wild reminder of what happens when compliance takes a backseat.  More info at HelpMeWithHIPAA.com/481

Today we tackle the trifecta of cybersecurity headaches: Microsoft’s awkwardly ambitious recall feature, the looming HISAA regulations (because HIPAA wasn’t enough), and a juicy enforcement action following a ransomware attack. We’ll break down how Microsoft’s recall reboot went from intrusive default to opt-in relief, why HISAA could mean mandatory stress tests for healthcare providers, and what lessons we can learn from a ransomware attack that left 291,000 patient records exposed—and a corrective action plan no one wants. If you've ever wondered how healthcare security, government fines, and tech mishaps collide, this one’s for you. More info at HelpMeWithHIPAA.com/480

Leaving your web browser open with 25 tabs is the digital version of leaving your front door unlocked? Whether it's for email, work docs, shopping, or watching cat videos, your browser is the gateway to, well, everything. But as much as we depend on them, so do hackers. From credential theft to sneaky phishing attacks, cybercriminals are finding clever ways to turn your favorite browser into a tool for their dirty work. Today, we’ll break down the wild world of browsers—how we rely on them, and how hackers are exploiting them while we casually leave 25 tabs open at once. Note to self:  it’s time to update your browser (and maybe close a few tabs)! More info at HelpMeWithHIPAA.com/479