Help Me With Hipaa

Perfect timing rarely happens these days but we have been discussing updating incident response plans based on what we have learned in the last two months. In fact, we ended our last episode saying the response plan update is one of the most important things you should do. Like magic Erik Decker posts on LinkedIn this week that the HIC group has finished a new guide specifically about crisis response. More info at HelpMeWithHIPAA.com/257

We always know when serious stuff has happened behind the scenes and OCR got involved. Some major violations of privacy rights must have happened when we see the OCR notice reminding everyone that you can not share patient information with the media without authorization. More info at HelpMeWithHIPAA.com/256

We mentioned in the last episode that we would put together a checklist of sorts for what to do as everyone switches back to the old way of doing business or sets up under new remote models. While this isn’t exactly a copy and paste checklist it does give you food for thought as to what to consider for your own reboot checklist. More at HelpMeWithHIPAA.com/255

When can we stop talking about ransomware? Apparently, never. One of the things we can list as part of our “new normal” is new ways ransomware is going to be impacting us differently. Things are worse today than when we discussed ransomware just a couple of months ago. The pandemic has opened up so many ways for the criminals to attack they are having a field day. More at HelpMeWithHIPAA.com/254

Like it or not we have to face new realities on our threat lists as we figure out our new normal in the post COVID-19 landscape. The privacy and security risks have changed just like everything else during the crisis. Threat lists used for your SRA must be updated and addressed. You do not want to be hit with data breaches and privacy breaches just as you get things back up and running, do you? More at HelpMeWithHIPAA.com/253

Before things went all COVID on us this episode was planned out. It may be even more worthy of an episode now. Have you been evaluating your MSPs response to your current state of business? We knew there were some MSP issues in 2019 but now, in 2020, you must have a reliable trusted MSP partner more than ever. What kinds of things do you need to know about your tech needs, your MSP and where you both plan for the future? More at HelpMeWithHIPAA.com/252

So many scams and so little time to keep up with them.  Yes, that is what it feels like these days.  There are so many coronavirus scams we have to take some time to update you guys.  There have been cybercrime alerts and stupid people stories galore.  Here are the coronavirus scams and crimes we have on our radar this week.   More at HelpMeWithHIPAA.com/251

With the national crisis still in play, cybersecurity is essential to operating businesses which are now online more than ever before. Small businesses without any apps before are going online to survive. Telehealth, remote learning, telework are all standard right now.  With so much going on we are trying to keep our eye on cyber stories to prepare ourselves and our clients for what is happening out there. Today let’s discuss 3 cyber stories we are watching right now. More at HelpMeWithHIPAA.com/250

There is a lot of confusion along the way as there always will be in a crisis like this one. We are going to share some of the good information and do our best to clear up some of the misinformation. No matter what, though, it could all change in the two short weeks between when we record this and when we publish it for you guys. Our plan is to provide as much solid information that we know to be true and accurate today. More at HelpMeWithHIPAA.com/249

We are all doing our best to focus on what we can do during this national crisis.  It is certain that we will bounce back at some point and be able to get back to business.  When we do this national reboot, what kinds of things will we need to do? Spend time now planning for the coming business reboot.  More at HelpMeWithHIPAA.com/248

In Oct 2019 another document was released by the Health Sector Coordinating Council Joint Cybersecurity Working Group.  Health Industry Cybersecurity Supply Chain Risk Management Guide or HIC SCRiM for short is aimed at helping small and medium sized healthcare organizations manage their supply chain vendors. If you haven’t had a chance to check it out, we are reviewing it for you today.  If you do review it you will see why we think that HIC SCRiM should wake up vendors. More info at HelpMeWithHIPAA.com/247

Opening the 2020 enforcement list for OCR is a doctor’s office who reported a breach due to a business associate issue and then did nothing.  The settlement wasn’t due to the BA but because the office had no SRA in place. Let’s break down the settlement with Steven A. Porter, M.D., P.C. a sole gastroenterologist practice in Ogden, UT. Time to learn from their mistakes. More at HelpMeWithHIPAA.com/246

Does your SRA include something like COVID-19?  Your business continuity plans include it? Do you need an SRA that includes virus outbreaks? Yes, you do.  If your risk analysis didn’t include these kinds of things you should revisit your method for doing an SRA. What should you do about this risk and what else is missing from your SRA? Let’s talk about privacy, security and COVID-19. More info at HelpMeWithHIPAA.com/245

Cybersecurity misconceptions are pretty common both in personal life and business.  There are definitely enough cases of misinformation coming through our offices on a regular basis to make it obvious just how confused people can be about what should be done.  We have pointed out many times that the government has been releasing information for years to assist both businesses and individuals. You can find a lot of information that is very helpful at StaySafeOnline.org.  Today we are going to discuss one directed at SMBs explaining several cybersecurity misconceptions. More at HelpMeWithHIPAA.com/244

This story has been going around since September 2019. Images exposed on the internet from PACS systems around the world available to anyone that wanted to see them.  Images exposed included x-rays, MRI scans and more. It still hasn’t been locked down after all these months. That means it’s time to talk about it instead of keeping it quiet. More info at HelpMeWithHIPAA.com/243

Another report comes out that says insiders are a huge problem.  You have to worry about the people, people. We have been saying this for years.  The lastest news on that front is in the 2020 Cost Of Insider Threats Global Report released by the Ponemon Institute and sponsored by ObserveIT and IBM.  It does tell us a lot of things we already knew but the details including those about how it is growing are important to note. More info at HelpMeWithHIPAA.com/242

Wearables, medical devices and HIPAA are just some of the questions we have gotten recently.  Today’s episode is privacy and security news plus listener questions. More at HelpMeWithHIPAA.com/241

Is HIPAA ambiguous? That is the way many people refer to anything that has to do with HIPAA regulations. It comes from doctors, nurses, lawyers, managers, supervisors, even compliance officers. But, is it really the way we should refer to the law? Should we say it is flexible or reasonable instead? More at HelpMeWithHIPAA.com/240

There have been a lot of headlines lately about Windows 7 end of life and Windows 10 security patches.  Let’s discuss why supported software and security patching matters in general. Then, we can talk about why it matters under HIPAA.   More at HelpMeWithHIPAA.com/239

We have mentioned ransomware warnings over and over on HMWH.  To the point ransomware shows up in a search on 56 different episodes before this one.  That means we’ve talked about ransomware warnings in 24% of our episodes. Guess what - clearly we need to talk about it again! More info at HelpMeWithHIPAA.com/238