Synopsis
HelpMeWithHIPAA.com is a collaboration between Kardon Compliance founder, Donna Grindle, and HIPAAforMSPs.com founder, David Sims. Our mission is to share our Privacy and Security knowledge with those who are required to understand, implement, and manage the complex Privacy and Security requirements of HIPAA compliance. Our work with CEs and BAs inspired us to launch the service to provide information about the complex requirements of HIPAA in a relaxed manner without using too much legalese or geek speak. As the podcast programs progress, we will cover topics that include sorting through the requirements as well as real world examples of the procedures used, both good and bad. Join us as we do our best to create a show where HIPAA and humor collide!
Episodes
-
Ep 39: Cybersecurity Tips From The FBI - Check Your Security
05/02/2016 Duration: 31 min. More notes and links on the website at HelpMeWithHIPAA.com/39
-
Why HIPAA Is Important To You?
03/02/2016 Duration: 45 min. More details on our website. Also at the Atlanta's Most Trusted Advisors page:
-
Ep 38: Clinical HIPAA Perspectives with The Nerdy Nurse
29/01/2016 Duration: 39 min. Brittney Wilson, The Nerdy Nurse, joins us to discuss the clinical staff's HIPAA perspectives. More details at helpmewithhipaa.com/38
-
Ep 37: PHI Breaches - 2015 Ends With A Bang!
22/01/2016 Duration: 31 min. More details at helpmewithhipaa.com/37
-
Ep 36: HIPAA Now An Element In Other Assessments
15/01/2016 Duration: 31 min. HIPAA may show up in areas you haven't seen before. If you are assessed by any other organization or for any other reason, HIPAA questions may start showing up. We have heard about it being brought up in many areas: insurance policy applications, partnership negotiations, funding discussions, and URAC accreditation (formerly known as the Utilization Review Accreditation Commission). This episode is a discussion on why it is showing up in other places and why we expect that trend to continue. More details at helpmewithhipaa.com/36
-
Ep 35: Breach Response Planning with ID Experts
08/01/2016 Duration: 43 min. ID Experts is in the business of dealing with privacy breaches. They have a variety of incident response services and tools. We discuss breach topics with Jeremy Henley, Director of Breach Services, ID Experts in today's episode. Detailed notes from the show can be found on our website at helpmewithhipaa.com/35
-
Ep 34: New Years Resolutions for Compliance Officers
01/01/2016 Duration: 31 min. New Years Resolutions can be simple commitments to yourself and your compliance program effectiveness. When you have so many job responsibilities, compliance often gets set to the side or "on the front left corner of my desk". These tiny changes can help you keep things moving forward without forcing you to spend a day or two a week. Detailed notes on the show can be found on our website at helpmewithhipaa.com/36
-
Episode 33: Holiday Special
25/12/2015 Duration: 09 min. Since this episode is being released on a holiday for all of us at Help Me With HIPAA, we are sharing a special blooper episode our audio editor Bojan Sabioncello created specially for us. When you hear our recordings from his perspective, you will see what a great job he does making us sound so professional.
-
Episode 32: 2015 HIPAA Gift Giving Guide
18/12/2015 Duration: 32 min. Compliance officers need all kinds of help to get their jobs done. We came up with a list of ideas for gifts to help them out this holiday season. More details at helpmewithhipaa.com/32
-
Episode 31: Enforcement efforts by OCR should increase in 2016
11/12/2015 Duration: 30 min. Enforcement of HIPAA is changing. There are many indicators that make us believe that we will see a distinct uptick in OCR enforcement activity. The last two OIG reports say OCR isn't doing enough, the news points out issues with enforcement, and even Congress is getting in the mix. In this episode, we discuss why this makes us think you don't want to wait around to see IF OCR starts doing anything differently. More details at helpmewithhipaa.com/31
-
Episode 30: Can I Be Sued Under HIPAA?
04/12/2015 Duration: 26 min. The HIPAA legislation itself does not include the option for individual patients to sue any CE or BA that may violate their privacy protections included in the law. HITECH added the ability for the States Attorney General offices to file a case on behalf of their constituents, however. The biggest change, however, is the ruling by several State Supreme Courts that allows a complaint to use HIPAA as a legal standard of care. That opens the door for all kinds of options. More details at helpmewithhipaa.com/30
-
Episode 29: HIPAA Black Friday Sale
27/11/2015 Duration: 37 min. Everyone is ready for the great deals retailers offer on Black Friday and Cyber Monday. We have a list of low-cost and no-cost deals on HIPAA Security & Privacy tools for you! More details at helpmewithhipaa.com/29
-
Episode 28: Rise of The Machines, the Internet of Things in Healthcare
20/11/2015 Duration: 23 min. The Internet of Things (IoT) is already here; it isn't something that is coming. It is here and it is the future; it will just become more prominent in our daily lives.
-
Episode 27: Six Things To Expect From HIPAA Compliant IT providers
13/11/2015 Duration: 38 min. If you expect your IT company to do certain things as a HIPAA compliant vendor, you are more likely to have the level of support you need. If you don't ask, then they may not be fully aware of what you need or what it requires to be HIPAA compliant themselves.
-
Episode 25: Halloween Special - Scary HIPAA Stories
30/10/2015 Duration: 29 min. This week we get in the Halloween spirit and share some scary stories that make you have those compliance nightmares.
-
Episode 24: To BAA or not to BAA, that is the question....
23/10/2015 Duration: 37 min.
Description: Business Associates and required BAAs are discussed often but not resolved quickly. Let's talk about some ideas and issues that go with BAAs.
Links: FindHealthcareIT, HIPAAforMSPS.com, Kardon Compliance.
Notes: Who is a BA? A business partner who provides a service to a CE or BA that requires them to CReMaT PHI. Anyone with persistent access to ePHI: whether they do anything with it or not is irrelevant - the fact that they CAN do things is what matters. Complexity is increasing. Dietitians at a hospital need info on the scripts for the diet, but the employer never stores, accesses, or has persistent access to it, but the workforce needs to see it. CE should train them on Privacy rules. BA means it is not your data but you have it or have access to it from the owner of CE. Medical director could be a BA or could be workforce member depending on the contract they have with the employer. ACO formed by hospital as a completely separate legal entity. But the ACO is staffed by hospital employees. Plus the h
-
Episode 23: If it moves - encrypt it.
16/10/2015 Duration: 35 min.
Description: We explained the concepts of encryption in Episode 2: Let’s Talk Encryption, but people continue to ask more about what they really need to do with encryption.
Links: FindHealthcareIT; HIPAAforMSPS.com; Kardon Compliance; Episode 2: Let’s Talk Encryption; The government and privacy advocates can’t agree on what ‘strong’ encryption even means.
Notes: First, what encryption can do for you and what it can't do for you. VPN, HTTPS, SSL, SFTP, etc. protect communications from prying eyes. Everything else is about encrypting data on the devices themselves. If you encrypt data on a device but you are hacked when you are logged into the device, encryption isn't too helpful. Encryption is helpful when someone tries to access the data on the device without your key (or password). Strong Encryption is also subjective - there is no solid authority on what is really strong encryption because law enforcement wants a back door. What does HIPAA say about encryption? Encryption (Addressable). Implement a mechanism to en
-
Episode 22: So you think you're covered by cybersecurity insurance. Well...
09/10/2015 Duration: 28 min. Cybersecurity coverage being challenged in court has some important points that all businesses should consider.
Links: FindHealthcareIT, HIPAAforMSPS.com, Kardon Compliance, Help Me With HIPAA.
Notes: COLUMBIA CASUALTY COMPANY v. COTTAGE HEALTH SYSTEM. Data breach occurred. Breach announcement said: Between October 8, 2013 and December 2, 2013, PHI of approximately 32,500 patients on the CE's servers were disclosed to the public via the internet. Hospital got voicemail message from a third party, who informed it that he was able to read the PHI online. Patients seen Sept. 29, 2009, to Dec. 2, 2013 included names, addresses, DOB, MR#, Acct#, diag, lab results and procedures performed. No financial information or Social Security numbers were involved. Insync, their IT vendor at the time, left anonymous access for FTP traffic active on an internet server on or about Oct. 8, 2012. The change allowed ePHI to become available to the public via Google's internet search engine. The server was taken offline immediately on Dec
-
Episode 21: Where does your fruit hang?
02/10/2015 Duration: 38 min.
Show Notes: If they were shocked that no one was actually watching for security holes at Ashley Madison, you can bet they will be shocked that you haven't been looking, because Healthcare is supposed to be private.
Links: Ashley Madison: Nobody was watching; Top 10 Tech Companies with Ashley Madison Accounts.
What kinds of things do you need to do to actually be considered looking for them, though? HIPAA Compliant IT. Router / Firewall test showed 600% Increase in Unique Vulnerabilities Discovered Last Year (OCR / NIST conference). Within hours or days of a release of software (firmware), vulnerabilities will be identified. Keep firmware up-to-date. UTM - what is a UTM; not just a router off the shelf at Best Buy. IPS. Antivirus. Support Subscription! Reporting each month - look at what is going on - if you have IT they can do it, but you should be asking them for reports. Printers / Copiers: easy for hackers to get to first. Smart TVs. Patching helps when Hackers Start with "low hanging fruit". Beginning hackers look for