Help Me With Hipaa

There have been a lot of headlines lately about Windows 7 end of life and Windows 10 security patches.  Let’s discuss why supported software and security patching matters in general. Then, we can talk about why it matters under HIPAA.   More at HelpMeWithHIPAA.com/239

We have mentioned ransomware warnings over and over on HMWH.  To the point ransomware shows up in a search on 56 different episodes before this one.  That means we’ve talked about ransomware warnings in 24% of our episodes. Guess what - clearly we need to talk about it again! More info at HelpMeWithHIPAA.com/238

As we anticipated there was one more OCR settlement announcement before the end of 2019.  This one popped in at the end of December and was yet another one in our backyard. The ambulance company settlement seemed simple at first but once we read the details there is a lot to unpack in the CAP.  Let’s get to it then! More info at HelpMeWithHIPAA.com/237

We need to get on the record with our 2020 predictions even if we both agree we have no freaking idea what is going to happen in 2020.  If anyone out there says they honestly believe they have a true beat on it, check them out. We do have a few 2020 predictions that we feel sure enough about to say it outloud to you guys. More info at HelpMeWithHIPAA.com/236

Here we go with two more OCR enforcement settlements.  As we expected, the end of the year included a flurry of enforcement announcements from OCR.  Just as this was about to be recorded they announced the second patient access settlement. So we can we get both done in one episode!  Both of these cases are related to some costly PHI mistakes so let’s get down to business. More info at HelpMeWithHIPAA.com/235

We have made it most of the way through 2019.  Now is the time to see how we did when we released our HIPAA privacy and security predictions for 2019 in episode 186 way back on Jan 11.  There were so many things that transpired this year just when thinking about the threat landscape much less all of our HIPAA discussions it feels long ago in a galaxy far, far away.  For more info HelpMeWithHIPAA.com/234

Enjoy Bojan's 2019 version of our annual blooper show.  Yes, some things really are as crazy behind the scenes as it seems. Thanks for all your support in 2019.  Enjoy whatever holiday you celebrate this time of year to the fullest!

A Business Associate Agreement isn’t just another simple bit of paperwork.  The liability commitments in your BAA and the business relationship it defines are very serious and very important in defining clearly the responsibilities of both parties.  Lately, we have had to ask a lot of questions like what is in your BAA and today we discuss what we have been seeing out there in the wild, so to speak. More info at HelpMeWithHIPAA.com/233

OCR has been busy closing out investigations lately.  They announced 2 more enforcement actions in early November.  One was a settlement in NY, but the other was a civil money penalty with Texas HHSC. Let’s review these 2 new OCR enforcement actions to see what we need to learn from the details released. More info at HelpMeWithHIPAA.com/232

Happy Thanksgiving from the HMWH team.  Since we just talked with Erik Decker the last two weeks about HICP it seemed fitting that our Thanksgiving replay this year is the discussion we had about our initial review of HICP earlier in 2019.  That was episode 189. Thanks for listening and enjoy the Holiday season!

Today we share part 2 of our Erik Decker HICP discussion.  Learn about more tools for small and medium organizations. The 405(d) Task Group has more work to do so learn ways you can help spread the word about using these tools to improve healthcare cybersecurity.  We even ask how we can all help promote cybersecurity awareness and HICP to improve the healthcare cybersecurity. HelpMeWithHIPAA.com/231

We covered the release of HICP or Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients back in Feb in the episode we called 5 Threats and 10 Protection Practices – Ep 189.  HICP has now been out for a bit and the next phases of the project are in process.  Today we discuss all things HICP with Erik Decker who is the Health Sector Coordinating Council Co-Lead of the 405(d) Task Group that developed this tool to help our sector follow solid cybersecurity practices. More info at HelpMeWithHIPAA.com/230

HIPAA penalties are always discussed in training and presentations about HIPAA.  Those discussions are usually more about an overview of what is in the law than actual information on how the law is applied.  HIPAA penalties are really not seen often. Civil money penalties are not part of the settlements we usually see but OCR announced a big one in October.  How do they really apply those huge numbers everyone talks about but we never see? More info at HelpMeWithHIPAA.com/229

The annual conference hosted by NIST and OCR Safeguarding Health Information: Building Assurance through HIPAA Security and the repeated message on day one of the conference was “HIPAA is the floor” which started with OCR Dir Severino’s keynote. We always get information at some point that makes these conferences worth the time. What did we get from this one?  More info at HelpMeWithHIPAA.com/228

As is our custom, each year we have a halloween-themed episode. This year we are thrilled to bring you several very real Tales From The Dark Side Of HIPAA.  Thanks to our friend, Jack Rhysider from DarkNet Diaries for recording our haunting lead-in! More info at HelpMeWithHIPAA.com/227

Social media and PHI get the OCR spotlight in the latest settlement announced.  Reading these settlement agreements provide the best guidance from OCR which is why we always take the time to get those details for you.  How much have you considered about your social media policies and how your staff understands their responsibilities? More info at HelpMeWithHIPAA.com/226

Is there such a thing as bad luck breaches?  Most of us don’t expect luck to rule our world although I will always take good luck if I can get it.  But when bad things happen sometimes we say it is due to a string of bad luck. Can data breaches be due to one of those strings of bad luck? For more info go to HelpMeWithHIPAA.com/225

The first patient access settlement has been announced by OCR.  Director Severino mentioned they would be putting an emphasis on this issue and we now have the first enforcement come through.  What should you learn from this settlement? It included some interesting corrective action requirements. More HelpMeWithHIPAA.com/224

January 14, 2020 marks the end of life for Windows 7 and Windows 2008 operating systems. Have you done your SRA to make sure you have things covered? What about home computers, should you be worried about those? In this episode we review what this end of life for Windows OS means and what you should be doing in the 4th quarter of 2019 to prepare for it. More at HelpMeWithHIPAA.com/223

We always talk about the need for a culture of compliance or culture of privacy and security. Today we talk about 6 things you notice when you have built a culture of compliance. The 6 comes from 3 x 2 which means there is clearly no rhyme or reason for the selection today. More at HelpMeWithHIPAA.com/222