Help Me With Hipaa

There are several recent studies and articles that discuss the world from the viewpoint of the people who have the cybersecurity roles in your IT staff. Their days are packed just trying to keep everything working and secure. As much as we have been after IT folks lately it is important to note that many times they take care of problems that you never even see. Today we are taking the time to remember that cybersecurity roles are tough. Really all IT roles involved in protecting our valuable information resources are tough jobs. It takes everyone to defend our data so your cybersecurity team needs your support! More details at HelpMeWithHIPAA.com/193

If you spend time every day worrying about the risks in using email, you might be a security professional.  Email is very risky even if you don’t realize it.  Imagine that you are just walking along a bridge safely.  What you don’t realize is the pit that is just a few inches below the bridge is filled with snakes, gators, and poison spikes.  One small mistake could mean - dum, dah, dum, dum, duuummmm.  Email is dangerous, seriously it is. More info at HelpMeWithHIPAA.com/192

OCR got to toot its own horn in a big press release on Feb 7.  Not only did they announce another settlement that happened in December that we had not heard about but they also recapped the record-setting year they had with enforcement cases in 2018. Time to learn from other's mistakes. More info at HelpMeWithHIPAA.com/191

As with many things, HIPAA “experts” are everywhere.  There is also a lot of misinformation, confusion, and downright bad advice being handed out by people who think they understand HIPAA more than they actually do.  Wrong HIPAA statements can be found on a lot of discussion boards and just out in the world talking to people. We deal with those issues on a regular basis. Sometimes we can laugh about it.  Other times we just have to take very deep breaths before we find ourselves responding inappropriately. Our intent here is to educate, always educate even when you are dealing with someone that may not know they need educating. More at HelpMeWithHIPAA.com/190

The Cybersecurity Act of 2015 (CSA) called for adapting our critical infrastructure to better handle cybersecurity issues using private and public partnerships.  Section 405(d) of CSA calls for “Aligning Health Care Industry Security Approaches.”  A task force has been working on doing that since May 2017.  On December 28, 2018, they published the information we have been excited to see in their document Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP).  Let’s review this important information, shall we? More info at HelpMeWithHIPAA.com/189.

Let’s be #PrivacyAware in today’s episode.  Privacy Day has been around for a while. It is “international effort to empower individuals and business to respect privacy, safeguard data and enable trust”.  At HMWH, we are all about trust here and certainly aim to empower those who are willing to respect privacy. For more info HelpMeWithHIPAA.com/188

Passwords are a necessary evil in our online and digital world.  There are lots of tools out there that help us deal with them but you have to use them every day in some way unless you are completed unsecured or off the grid.  LastPass recently released an interesting report about the use of passwords. Let’s see what new trouble we can find in these details about our daily password battle and discuss some options we have found for dealing with them. More at HelpMeWithHIPAA.com/187

Today we cover the things we are keeping an eye on for 2019.  Yes, it is 2019, I can not believe how quickly we have gone through almost 2 decades of the 21st century. Our top 7 predictions for 2019 may not surprise you.  But, that shouldn't stop us from throwing them out there. More at HelpMeWithHIPAA.com/186

In case you have missed it there have been several headlines about HIPAA changes in the last month.  What is that all about and what should you worry about? Today we are discussing if HIPAA changes are will be coming this year.  Even better we will tell you what we plan to do with the information. More at HelpMeWithHIPAA.com/185

OCR continued to hand out settlements to close out 2018. These last few announcements came out so quickly vs normal rates it is definitely raining settlements! While these last two do pale in comparison to the huge Anthem settlement, they certainly bring home more messages. What lessons are they trying to teach us with the Florida and Colorado settlements announced in December? More info at HelpMeWithHIPAA.com/184

Each year our Croatian sound editor, Bojan, compiles his favorite package of our issues to share his pain with our listeners.  Listen in to hear how much he has to work to make us sound so much better than we should. Thanks, Bojan for all the hard work! For all our listeners, Happy Holidays and thanks for your support this year and in the future!  

The allergy practice settlement that was recently announced will be known as the “no comment” settlement in my mind.  As always, there are lessons to be learned from this announcement and the way OCR handled it. This settlement brings up a lot of discussions about handling patient public comments. More at HelpMeWithHIPAA.com/183

There have been several announcements about cybersecurity agencies and offices lately.  Some announcements are from the Department of Homeland Security (DHS) and some are from Health and Human Services (HHS).  What are they talking about and what does it mean to you?   More at HelpMeWithHIPAA.com/182

It is hard to believe we are coming to the end of another year.  Seems like just yesterday we recorded 7 Educated Guesses About 2018.  Today we review our 2018 predictions, ummmm, educated guesses for 2018 and see how we did. More info at HelpMeWithHIPAA.com/181

This holiday we are both taking time off to celebrate with our friends and families.  In our absence, please enjoy a replay of our previous Gift Giving Guide for compliance officers.

Listener message potpourri means we will be hitting several different topics in this episode. We get emails and messages from listeners a lot these days. While we do our best to respond we can't say we are consistent. That is why we do these episodes periodically.  If we've missed yours, don't hesitate to point it out to us in another message.   More info at HelpMeWithHIPAA.com/180

In the recent NIST OCR security conference, a panel member said the terms “HIPAA compliant” and “HIPAA certified” made her cringe.  We agree. The Anthem settlement has a lot of people asking about certifications for cybersecurity since Anthem was technically HITRUST Certified when the hacker first broke into their network.   Let’s talk certifications and what they really mean under HIPAA, shall we? More info at HelpMeWithHIPAA.com/179

The 2015 Anthem data breach could have been a watershed moment for HIPAA privacy and security in many ways. It remains to be seen if the settlement with OCR turns out to be another one. Either way, the historic breach and historic settlement have many lessons for us to learn. Let's discuss Anthem settlement lessons today. More info at HelpMeWithHIPAA.com/178

Time for the annual Halloween episode!  5 horror movie quotes are this year’s theme.  We have 5 horror movie quotes that are matched up to data breach stories. More info at HelpMeWithHIPAA.com/177

We are #CyberAware is the tag for the National Cybersecurity Awareness Month campaign.  Each year this campaign is run by the National Cybersecurity Alliance. In 2018, Kardon, Security First IT,  and HMWH are all signed up to be champions and publish information for the campaign.  Today, we will review what these campaigns are about and how you can use these and more like them to augment your education program. More at HelpMeWithHIPAA.com/176