Help Me With Hipaa

This time of year many of us think about cleaning out closets and switching seasons.  By clearing out your digital clutter you can double check the security of your devices and reduce your attack surface at the same time.  Plus, it is way easier than cleaning out the old hall closet that may have monsters lurking in the back of it.  Make the time to clean your digital clutter at least once or twice a year and you will feel better for it.  Why not do digital spring cleaning, too? For more go to HelpMeWithHIPAA.com/155

There is a frequent issue with people understanding what a Security Risk Analysis includes. In fact, there is so much confusion we often see documents presented as a risk analysis that is actually a gap analysis. It happens so often that OCR is trying to address it in their April newsletter. We are going to take a stab at explaining what gap analysis reports look like vs what a security risk analysis report really includes when done properly. For more information: HelpMeWithHIPAA.com/154

Back in January, I read an article in Forbes titled: The Five Laws Of Cybersecurity.  When reading it I realized that it was a great message to our listeners but it needed a HIPAA flavor added it to it.  This episode we add our thoughts to his article and turn it into 5 Laws of HIPAA Cybersecurity. For more details HelpMeWithHIPAA.com/153

More news on the insider front makes it necessary to point out, again, how susceptible healthcare is to insider failures. HelpMeWithHIPAA.com/152

The American Medical Association (AMA) did a survey of physicians and their thoughts about privacy and security practices. It was interesting to hear their responses. Also, when a group of Security Officers gets together for a chat some people glaze over.  For nerds like us, it is an exciting discussion. Today we are going to discuss the Security Officer panel topics and the AMA report presentation from the National HIPAA Summit. HelpMeWithHIPAA.com/151

Are you ready for extreme vendor vetting? Many vendors have been pushing back against any covered entity or business associate that asked them to answer questions about their privacy and security programs. They believe signing a business associate agreement (BAA) meets the legal requirements and that is all they must do. Well, the times they are a changing - again.  There are many different factors making it necessary to ask these type questions and not just accept a BAA as reasonable assurances. What are those factors and how things are changing are the topics we discuss in this episode.   For more go to HelpMeWithHIPAA.com/150

The National HIPAA Summit always features some interesting news from OCR concerning guidance, enforcement, and audits.  This year was no different. In this episode, we discuss the highlights as we interpreted them anyway. More at HelpMeWithHIPAA.com/149

Cybersecurity trends sound scary when you hear us talk about some of this stuff.  Cyberscary is actually what we decided to call it.  The good news is we do talk about other things sometimes. There are two reports that came out in recent weeks have gotten my attention and just have to be discussed with you guys. More info at HelpMeWithHIPAA.com/148

Cybersecurity legal requirements keep changing at the state, federal, and international level.  Most of the changes are just trying to keep up with the constantly changing landscape of threats in cyberspace. Today we call in an expert, Mitzi Hill, to talk to us about those cybersecurity legal requirements.  How those changes may impact your business and your privacy and security program is certainly something we don’t want to lose track of in the mix. More information at HelpMeWithHIPAA.com/147

We get questions from listeners on a pretty regular basis.  When they come in from an email we do our best to reply with an answer.  Sometimes they get backed up for us to get them on the show, however. Today we are covering some of those, in fact, we are covering 6 listener questions. HelpMeWithHIPAA.com/146

News abounds about Uber and other ride-sharing services taking people to their doctor appointments.  They say they have it covered and Uber Health HIPAA compliance is solid. Today we look at what they are saying about HIPAA here and what that means to us. More info at HelpMeWithHIPAA.com/145

If cybercrime truly is the number one problem with mankind and healthcare is the number one cyber attacked industry is it because healthcare sucks at cybersecurity? For more info HelpMeWithHIPAA.com/144

If it seems like cyber issues are around every corner these days, you aren’t imagining things. In episode 128 way back in November 2017, we discussed the fact that we thought there were signs of a coming cyber storm. Today we look at what is going on and see if we may actually be in the midst of that storm or is it still building. For more: HelpMeWithHIPAA.com/143

Information privacy and security requirements in various laws are coming up in legal cases more often these days.  Part of that is because we have more of those type laws. Although HIPAA has been in effect for over a decade, I don’t recall seeing it used in lawsuits and legal cases as frequently as I do now.  Maybe I am just paying more attention but there are certainly plenty of cases in the courts today.  Most are civil cases but some are even criminal cases.  After hearing these you will probably know the answer to the question “Do I need a lawyer”.   Probably, maybe, that is a fact-specific determination.  Honestly, though, the answer is you probably will if you are not taking information privacy and security seriously today. More at HelpMeWithHIPAA.com/142

As expected, OCR has continued to announce enforcement actions in 2018.  This one is a bit different than any previous resolution in that there are 5 different cases across multiple locations in a single organization. It is also important to note that all 5 of these issues data back to 2012.  Almost 6 years since the first one occurred, we have the resolution agreement.   HelpMeWithHIPAA.com/141

HIPAA made easy is a topic we have discussed many times before but today we are going to cover it specifically.  So often we get requests for the “easiest way” to do HIPAA. This isn’t something to check off a list and have it done. It is something that you do every day as part of your business. The idea that you can make HIPAA easy is similar to saying that doing all of your accounting and taxes for your business is easy.  Maybe if there is one person to pay and that is you but handling your finances correctly isn’t something many people find easy. Yes, the data can be gathered and entered into systems.  But, do you know all the forms to complete, documents to save, follow up to do, classifications to determine, etc.  It isn’t easy but it is doable.  So is HIPAA.     For more HelpMeWithHIPAA.com/140

Cybersecurity is in the news a lot lately. Particularly a lot of news just since the beginning of the year. As usual, we review all the news looking for important things to share with our clients and listeners.  There are just so many different stories to choose from this week, we decided to cover several of them in one episode.  So, here are 6 cybersecurity lessons in the news. Some of them may be things you saw before but all of them were worth discussing what we should be aware of and learn from all the information coming in for 2018. For more go to HelpMeWithHIPAA.com/139

In December, the OCR newsletter was titled Cybersecurity While on Holiday.  First, how very British of them!  Second, is it just when on holiday?  The same rules apply anytime you are on the road with technology and access to the internet.  We see this as something you should review no matter when you plan to access information outside the office.  While some think the corner coffee shop is a great work space others work in hotels and conference rooms all over town without being on holiday at all.  In this episode, we review the suggestions in the newsletter but drill down a bit more into how much of this applies when you are working mobile from home or just down the street as well.   More at HelpMeWithHIPAA.com/138

At the beginning of 2017 OCR announced several settlements.  Then, the settlement announcements stopped in May as their were leadership changes that continue to happen.  In fact, the only reason this announcement seemed to come out was because it was included in a bankruptcy court filing earlier this month.   For more go to HelpMeWithHIPAA.com/137

Unless you never listen to nerd-speak you have to have heard the discussion about Meltdown and Spectre over the last few weeks. It is a perfect time to talk about what patch management really means in your cybersecurity protections.  We try our best to discuss it with less geek speak and more English.   For more info HelpMeWithHIPAA.com/136