Help Me With Hipaa

Buckle up, folks, because this week’s episode is a wild ride through the Cavity of Lies—where HIPAA violations, ransomware attacks, and outright absurdity collide. What happens when a dental group tries to sweep a massive breach under the rug (or, you know, hide servers in bathrooms)? Let’s just say it doesn’t end well. From a 3-year-long cover-up to servers stored in all the wrong places, we’ve got lies under oath, policies that might as well be urban legends, and enough bad decisions to make you cringe harder than hearing the dentist say “we need to talk about your flossing habits.” More info at HelpMeWithHIPAA.com/493

Hold onto your compliance hats—big changes are brewing for HIPAA’s Security Rule! The Notice of Proposed Rulemaking (NPRM) is officially out for public comment, and it’s clear HHA and OCR are on a mission to modernize and tighten the safeguards for electronic protected health information (ePHI). From clarifying risk analysis expectations to making security requirements less, well, “vague,” these updates aim to bolster patient safety and data protection while keeping pace with today’s tech-driven world. But with great updates come great responsibilities for covered entities and business associates alike, so now’s the perfect time to weigh in and help shape the final rule before it’s set in stone. More info at HelpMeWithHIPAA.com/492

Ready to kick off 2025 with a bang? We’re diving into the must-dos for your Q1 2025 compliance and cybersecurity checklist, sprinkling in some risk management wisdom, and why Windows 10 is about as fashionable as shoulder pads in the 2020s. Plus, we sprinkle in a hearty dose of snark to keep you entertained while you get your compliance game strong. Oh and if your incident response plan is just “hope for the best,” it’s time to tune in. More info at HelpMeWithHIPAA.com/491

Ah, supply chain attacks—the gift that keeps on giving... headaches, fines, and catastrophic data breaches. In this episode, we unwrap three cautionary tales of organizations caught in the tangled web of digital supply chain chaos. From unpatched vulnerabilities and sneaky software backdoors to hackers casually buying network access like it’s an eBay auction, each story serves up a hard truth: you don’t want to be part of a supply chain attack, you don’t want to have a supply chain attack, and you definitely don’t want to delay dealing with a supply chain attack. So grab your metaphorical flashlight and let’s go spelunking into the murky caves of cybersecurity mishaps. More info at HelpMeWithHIPAA.com/490

It’s the final countdown, folks—the last episode of the year! And OCR decided to end 2024 with a bang, handing out settlements like candy at a Christmas parade. But here’s the twist: the candy comes with a price tag, and it’s not cheap. This episode hones in on OCR’s new enforcement initiative targeting incomplete and outdated risk analyses. So, before you pop the champagne, let’s make sure your SRA isn’t a ticking compliance time bomb. More info at HelpMeWithHIPAA.com/489

Welcome to the 2024 Blooper Show, where we prove once again that even after nine years, perfection is overrated and laughter is mandatory! Big shoutout to Bojan, our long suffering audio engineer extraordinaire, who turns our chaos into coherence. And of course, we can’t forget you—our amazing listeners—who tune in each week, send us your thoughts and questions, and share the chaos with your friends. Cheers to you for making this madness worth it! More info at HelpMeWithHIPAA.com/2024blooper

Cybersecurity incidents can feel like a punch in the gut, but with the right plan, you can roll with the hits instead of flailing in panic. In this episode, we’re diving into executive strategies for tackling the unexpected, from building response teams to keeping business operations afloat when chaos strikes. Along the way, we also cover a recent corrective action plan that serves as a cautionary tale for getting your protocols in order before trouble comes knocking. This is your go-to guide for staying cool when the heat is on! More info at HelpMeWithHIPAA.com/488

Is your healthcare organization ready for a triple threat, or are you playing a risky game of cybersecurity roulette with delayed access, ransomware demands, and a missing incident response plan? Today, we explore three tales in healthcare that are equal parts cautionary and compelling. We kick things off with the Healthcare and Public Health Sector Coordinating Council’s shiny new cyber incident response checklist—aka your cheat sheet for keeping calm in the face of chaos. Then, we give you the juicy details of a hefty civil money penalty slapped on a healthcare entity for dragging their feet on providing patient records (spoiler alert: patience isn’t a virtue when it comes to HIPAA). Finally, we unravel the saga of a ransomware attack that not only encrypted data but also emptied some wallets. Whether you’re here to learn, laugh, or just feel better about your own compliance game, this episode’s got you covered. Buckle up, because the HIPAA ride is wild! More info at HelpMeWithHIPAA.com/487

Feeling thankful this season? Us too—especially when it comes to dodging data disasters! In this episode, Donna and David dive headfirst into some eyebrow-raising cybersecurity tales, from job application breaches exposing sensitive information to the ever-creepy risks of unsecured IoT devices (yes, even your vacuum might be plotting against you). Whether it’s researchers discovering unsecured data files or hackers turning robot vacuums into racially inappropriate terrors, we’re reminded to never take our digital safety for granted. Grab your popcorn (or an encrypted snack, if that’s a thing) and join us as we talk about what it means to truly be grateful for solid security practices this year. More info at HelpMeWithHIPAA.com/486

Doing a half-baked risk analysis is like locking your front door but leaving all the windows wide open. What’s the point?  Today, we dive into the first-ever Security Risk Assessment (SRA) violation settlement—a juicy topic for compliance nerds and healthcare pros alike. We’re talking ransomware, compliance checklists (the kind you actually need), and why a “kinda-sorta risk analysis” isn’t going to cut it with the OCR. Along the way, we’ll break down the $90K fine, the three-year corrective action plan, and what this means for everyone still winging their HIPAA risk assessments. Time to up your game folks! More info at HelpMeWithHIPAA.com/485

Buckle up for Part 2 of our breakdown on the HHS OCR NIST healthcare security conference - because, yes, 16 hours of deep dives into AI, HIPAA compliance, and cybersecurity priorities can’t be tackled in just one episode! From wild projections about AI’s future in healthcare to OCR’s “tough love” on compliance standards, this episode peels back the curtain on the big decisions shaping healthcare data security. It’s a whirlwind tour through risks, regulations, and the occasional debate on why “just doing it the old way” won’t cut it anymore. Let’s get into it! More info at HelpMeWithHIPAA.com/484

Buckle up, folks! Today, Donna and David are here with Part 1 of their deep dive into the recent HHS OCR NIST healthcare security virtual conference, and they're spilling all the cyber-tea. With experts from HHS, OCR, NIST, FTC, and FDA presenting, this conference covered a ton. From AI-powered hackers and QR code scams to unpatched medical devices and a spike in supply chain attacks, the discussions centered on what it takes to keep healthcare data and devices secure in a constantly evolving threat landscape. Wondering why healthcare data security feels like a game of whack-a-mole? Tune in to find out! More info at HelpMeWithHIPAA.com/483

Ever heard someone say you need a pen test but then start wondering if they meant a pen from a spy movie? There typically is a lot of confusion between penetration testing and vulnerability assessments—a common mix-up with big consequences for your cybersecurity game. We will walk through different types of pen tests, explain how they help you spot weaknesses before the bad guys do and tackle why continuous vulnerability management can save you from surprises. Whether you’re building up your defenses or simply trying to keep up with best practices, this episode is packed with insights on staying ahead of cyber threats, one test at a time. More info at HelpMeWithHIPAA.com/482

Ever had a root canal that felt less painful than dealing with bureaucracy? Well, buckle up, because in this episode, we sink our teeth into the 50th patient right of access enforcement action under HIPAA. That’s right—50 cases since 2019, and somehow, this one involving Dr. Gumb (yes, really) and a dental records dispute is the most absurd of the bunch. From a refusal to hand over records to racking up government fines like trading cards, this saga is a wild reminder of what happens when compliance takes a backseat.  More info at HelpMeWithHIPAA.com/481

Today we tackle the trifecta of cybersecurity headaches: Microsoft’s awkwardly ambitious recall feature, the looming HISAA regulations (because HIPAA wasn’t enough), and a juicy enforcement action following a ransomware attack. We’ll break down how Microsoft’s recall reboot went from intrusive default to opt-in relief, why HISAA could mean mandatory stress tests for healthcare providers, and what lessons we can learn from a ransomware attack that left 291,000 patient records exposed—and a corrective action plan no one wants. If you've ever wondered how healthcare security, government fines, and tech mishaps collide, this one’s for you. More info at HelpMeWithHIPAA.com/480

Leaving your web browser open with 25 tabs is the digital version of leaving your front door unlocked? Whether it's for email, work docs, shopping, or watching cat videos, your browser is the gateway to, well, everything. But as much as we depend on them, so do hackers. From credential theft to sneaky phishing attacks, cybercriminals are finding clever ways to turn your favorite browser into a tool for their dirty work. Today, we’ll break down the wild world of browsers—how we rely on them, and how hackers are exploiting them while we casually leave 25 tabs open at once. Note to self:  it’s time to update your browser (and maybe close a few tabs)! More info at HelpMeWithHIPAA.com/479

Boo!

Healthcare marketing is tricky enough without tripping over the big pitfalls that could leave you tangled up in HIPAA violations or a patient privacy disaster. Today we break down five common marketing mistakes you definitely want to steer clear of. From misinterpreting HIPAA rules to guarding patient data like it’s your grandma’s secret cookie recipe, these blunders can get you into serious trouble. We’re here to help you navigate these common missteps and protect your business from unnecessary risks. More info at HelpMeWithHIPAA.com/477

Do you feel like cyberattacks are the world’s worst game of whack-a-mole? No matter how many you smack down, ten more pop up— and there’s no sign of it slowing anytime soon and neither is the confusion over who’s responsible when your data gets caught in the crossfire. If your supply chain and your own security safeguards aren't locked down, you might as well be rolling out the red carpet for hackers. Tune in as we break down the latest mess, and yes, it’s as frustrating as it sounds! More info at HelpMeWithHIPAA.com/476

Ever left your front door unlocked, thinking it’s no big deal? Well, that’s what happens when you forget about facility access controls – and the consequences can be far worse than a missing TV!  Today, we dive deep into a topic that often gets overlooked but is critical to any organization’s security – facility access controls. Whether it's ensuring that only authorized personnel can access sensitive areas or protecting valuable equipment from walking out the door, facility access controls are a crucial part of safeguarding not just data but also physical assets. And as much as we love talking about tech, this time it's all about locks, keys, and keeping the wrong people out.  More info at HelpMeWithHIPAA.com/475