Help Me With HIPAA


Synopsis: Help Me With HIPAA is a collaboration between Kardon Compliance founder, Donna Grindle, and founder, David Sims. Our mission is to share our Privacy and Security knowledge with those who are required to understand, implement, and manage the complex Privacy and Security requirements of HIPAA compliance. Our work with CEs and BAs inspired us to launch the service to provide information about the complex requirements of HIPAA in a relaxed manner without using too much legalese or geek speak. As the podcast programs progress we will cover topics that include sorting through the requirements as well as real world examples of the procedures used, both good and bad. Join us as we do our best to create a show where HIPAA and humor collide!


  • Vendors In Your Breaches - Ep 391

    27/01/2023 Duration: 58min

    Knowing what vendors your BAs may use to provide services to your organization is crucial. Those downstream vendors could be the cause of a breach of your data. Signing a BAA does not prove a BA is properly securing your data. Vetting your vendors is as important as making sure your vendors are vetting their vendors. More info at

  • Spitballing Website Tracking - Ep 390

    20/01/2023 Duration: 39min

    Using website tracking technology on healthcare sites can be a double-edged sword. On the one hand, it can help healthcare organizations better understand user behavior, preferences, and interests. However, if not properly secured, this technology can also put users at risk of their sensitive data being accessed and used inappropriately.  More info at

  • Last Pass for LastPass? - Ep 389

    13/01/2023 Duration: 56min

    The recent breach at the popular password manager, LastPass, has caused a lot of concern amongst its users. We ourselves have discussed whether this is the last pass we are going to give to LastPass. So, in today’s episode, we discuss what happened, what it means for LastPass users and what are some things you should do or consider doing. More info at

  • 2 More OCR Settlements - Ep 388

    06/01/2023 Duration: 41min

    For our first show of 2023 we review 2 more OCR settlements! These are the last ones released in 2022. Listen in to hear what happened so that you can learn how to avoid making the same mistakes in the new year. More info at

  • 2022 Recap and 2023 Predictions - Ep 387

    30/12/2022 Duration: 58min

    This is one of our favorite episodes of the year. We will recap our 2022 privacy and security predictions and then make new predictions for 2023. Aside from the obvious predictions like “ransomware will increase”, our predictions will give you what we think you are going to be hearing about that you should worry about in 2023. More info at

  • 2022 Blooper Show

    23/12/2022 Duration: 17min

    As is our custom, we take one week off each year from creating new content just to give us a break. It also gives our sound engineer, Bojan Sabioncello, a chance to shine while he goes through all the outtakes he deals with all year. He gets in front of the mic to share how awfully we treat him, yet he is still around after all these years. Thanks to Bojan for his skill in making us sound so good every week. Thanks to all our listeners who have been with us and share our podcast with others. We are here because of you. As always, remember, HIPAA is not about compliance, it is about patient care.

  • Check Your Power Outage Plans - Ep 386

    16/12/2022 Duration: 46min

    When you think of a power outage happening to you or your business, you probably think of an outage lasting a few hours. That was not the case with the recent massive power outage in Moore County, NC. So, that raises the question: do you have a response plan for a power outage lasting a week or more? You should. More info at

  • 3 New Ways Attackers Trick You - Ep 385

    09/12/2022 Duration: 48min

    The holidays are upon us and everyone is getting excited about buying presents for friends and loved ones. Cyber criminals are excited too because it means even more opportunities to attack us. Today, we are discussing an article from ZDnet about three new ways attackers are trying to trick you. More info at

  • OCR Recognized Security Practices Guidance - Ep 384

    01/12/2022 Duration: 49min

    OCR recently released a video on their Recognized Security Practices initiative. The intent is to teach HIPAA regulated entities what Recognized Security Practices are and what is required to prove their implementation in your organization. We will review the video today and give you some key takeaways from it. More info at

  • 3 Reasons To Be Thankful - Ep 383

    25/11/2022 Duration: 32min

    As we celebrate Thanksgiving, we thought it would be a good idea to cover three reasons why you should be thankful. Or better yet, three situations you should be thankful that you’re not caught up in…. unless, unfortunately, you are. More info at  

  • Cybersecurity Is Patient Safety - Ep 382

    18/11/2022 Duration: 45min

    The healthcare industry is not immune to cyberattacks. In fact, it's one of the most vulnerable industries. To protect patient safety and data security, hospitals and healthcare providers need to implement better cybersecurity measures. Today, we review a paper from the office of Senator Mark Warner (VA) that discusses policy options for the healthcare sector. More info at

  • 9 Incident Response Procedures - Ep 381

    11/11/2022 Duration: 47min

    What is your Incident Response Plan? If you said “Oh, we’ll just call IT,” then you need to listen to this podcast. We will review the October 2022 OCR Newsletter that discusses nine procedures that entities should consider including in their incident procedures. More info at

  • One Click That's All - Ep 380

    04/11/2022 Duration: 48min

    Keeping up on ways to protect your business from a cyber attack can feel intimidating, especially because of the continuously changing methods criminals use to social engineer us. The bottom line is it only takes one click at any time by anyone to open the door to the attackers.  More info at

  • Decisions Coming Back to Haunt You - Ep 379

    28/10/2022 Duration: 51min

    As you know, each year we record a Halloween episode.  This year we are covering very scary decisions that have come back to haunt several organizations, including an organization’s decision not to report a cyber attack, an entity that thought they’d just stroke a check for fines assessed and everything would be OK, and a provider who posted PHI on social media. Listen in and learn what NOT to do. More info at

  • 3 Vetting Tips Before You Download That App - Ep 378

    21/10/2022 Duration: 42min

    Do you remember the saying “there’s an app for that”? Apps certainly are cool and convenient, but can you tell whether they are malicious or not? Today, we discuss and give you some vetting tips you can use before you download apps.   More info at

  • Are Connected Devices Secure? - Ep 377

    14/10/2022 Duration: 49min

    More and more the healthcare industry is using connected medical devices that do cool things, like creating efficiencies in the delivery of patient care and automating tasks for healthcare providers and their staff.  But, what about the security of these connected devices? Has anyone thought about that? Well, Ponemon and Cynerio did a study on just that topic and the results are very concerning. More info at

  • 3 Dental Offices Learn About OCR - Ep 376

    07/10/2022 Duration: 47min

    OCR’s right of access initiative keeps on churning with three more cases, making a total of 41 violations of patient right of access so far. Dentists are a known problem when it comes to doing anything for HIPAA privacy and security, including right of access requirements. But, they are quickly learning all about OCR enforcements of HIPAA violations. More info at

  • Cost of a Data Breach 2022 - Ep 375

    30/09/2022 Duration: 51min

    Every year we review the Ponemon Institute’s Cost of a Data Breach report. It's always interesting because we learn that it's not just about the money. We learn what really makes a difference in our privacy and security program, what we can do that can make the biggest positive impact in the overall cost of a data breach and, more importantly, what things make the biggest negative impact. More info at

  • 5 Signs Your Org Is At Risk - Ep 374

    23/09/2022 Duration: 47min

    We follow a lot of the Ponemon studies. They help us see changes and trends and make better recommendations to our clients. We are going to cover their annual cost of an insider breach study. This global study covers insider incidents and provides five signs your organization is at risk.  More info at

  • New Goal: Cyber Resilience - Ep 373

    16/09/2022 Duration: 55min

    The ongoing, rapidly changing cyber war has created a need for us to change our viewpoint on cybersecurity.  Yes, we need to worry about cyber hygiene and continue working on ways to secure our systems, networks and data. However, there is also a need to take the “plan for the worst but hope for the best” approach and start focusing on cyber resilience. More info at
