Help Me With Hipaa

If cybercrime truly is the number one problem with mankind and healthcare is the number one cyber attacked industry is it because healthcare sucks at cybersecurity? For more info HelpMeWithHIPAA.com/144

If it seems like cyber issues are around every corner these days, you aren’t imagining things. In episode 128 way back in November 2017, we discussed the fact that we thought there were signs of a coming cyber storm. Today we look at what is going on and see if we may actually be in the midst of that storm or is it still building. For more: HelpMeWithHIPAA.com/143

Information privacy and security requirements in various laws are coming up in legal cases more often these days.  Part of that is because we have more of those type laws. Although HIPAA has been in effect for over a decade, I don’t recall seeing it used in lawsuits and legal cases as frequently as I do now.  Maybe I am just paying more attention but there are certainly plenty of cases in the courts today.  Most are civil cases but some are even criminal cases.  After hearing these you will probably know the answer to the question “Do I need a lawyer”.   Probably, maybe, that is a fact-specific determination.  Honestly, though, the answer is you probably will if you are not taking information privacy and security seriously today. More at HelpMeWithHIPAA.com/142

As expected, OCR has continued to announce enforcement actions in 2018.  This one is a bit different than any previous resolution in that there are 5 different cases across multiple locations in a single organization. It is also important to note that all 5 of these issues data back to 2012.  Almost 6 years since the first one occurred, we have the resolution agreement.   HelpMeWithHIPAA.com/141

HIPAA made easy is a topic we have discussed many times before but today we are going to cover it specifically.  So often we get requests for the “easiest way” to do HIPAA. This isn’t something to check off a list and have it done. It is something that you do every day as part of your business. The idea that you can make HIPAA easy is similar to saying that doing all of your accounting and taxes for your business is easy.  Maybe if there is one person to pay and that is you but handling your finances correctly isn’t something many people find easy. Yes, the data can be gathered and entered into systems.  But, do you know all the forms to complete, documents to save, follow up to do, classifications to determine, etc.  It isn’t easy but it is doable.  So is HIPAA.     For more HelpMeWithHIPAA.com/140

Cybersecurity is in the news a lot lately. Particularly a lot of news just since the beginning of the year. As usual, we review all the news looking for important things to share with our clients and listeners.  There are just so many different stories to choose from this week, we decided to cover several of them in one episode.  So, here are 6 cybersecurity lessons in the news. Some of them may be things you saw before but all of them were worth discussing what we should be aware of and learn from all the information coming in for 2018. For more go to HelpMeWithHIPAA.com/139

In December, the OCR newsletter was titled Cybersecurity While on Holiday.  First, how very British of them!  Second, is it just when on holiday?  The same rules apply anytime you are on the road with technology and access to the internet.  We see this as something you should review no matter when you plan to access information outside the office.  While some think the corner coffee shop is a great work space others work in hotels and conference rooms all over town without being on holiday at all.  In this episode, we review the suggestions in the newsletter but drill down a bit more into how much of this applies when you are working mobile from home or just down the street as well.   More at HelpMeWithHIPAA.com/138

At the beginning of 2017 OCR announced several settlements.  Then, the settlement announcements stopped in May as their were leadership changes that continue to happen.  In fact, the only reason this announcement seemed to come out was because it was included in a bankruptcy court filing earlier this month.   For more go to HelpMeWithHIPAA.com/137

Unless you never listen to nerd-speak you have to have heard the discussion about Meltdown and Spectre over the last few weeks. It is a perfect time to talk about what patch management really means in your cybersecurity protections.  We try our best to discuss it with less geek speak and more English.   For more info HelpMeWithHIPAA.com/136

Here we go for another year!  It is amazing that this is the third new year we have covered on HMWH.  There are so many things that have happened over that time and as we head into 2018, so many things to look into our crystal ball and make 7 educated guesses about 2018.  We may not be predicting the future but we both have some opinions about what we see happening out there in the world of HIPAA, privacy, and cybersecurity in the coming months. Get more at HelpMeWithHIPAA.com/135

Is HIPAA compliance expensive?  Or, is it short-sighted to only worry about what HIPAA compliance costs?  A new report from Ponemon Institute, The True Cost of Compliance with Data Protection Regulations, looks at compliance costs across several industries and multinational organizations. The study has a lot of details as we always expect from Ponemon Institute.   Read more at HelpMeWithHIPAA.com/134

Each year Bojan Sabioncello, our audio engineer in Split, Croatia, puts together his blooper roll to mock us.  Granted, he spends the whole year having to listen to us without a chance to respond until now.  This his only chance to respond to a year’s worth of our comments and screw-ups. We will be back next week with a new episode.   Happy Holidays from the whole Help Me With HIPAA team!

As 2017 comes to a close, we are making our lists and checking them twice.  Time to find out who we thought was more naughty than nice this year.  The Naughty List 2017 discussion includes everything from big news data breaches such as Equifax and Uber down to stolen hard drives and password issues.  Feel free to add your naughty list nominations in the comments. More info at HelpMeWithHIPAA.com/133

A new report on phishing was recently released titled: Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials. The report of findings from a study that was done by Google, University of California, Berkeley, and the International Computer Science Institute.  It was a year-long study of account hijacking, stolen credentials, phishing and malware attacks.  The findings are clear that phishing is a problem in ways we may not have thought before now.  In the study, the researchers followed other hacker methods used against email addresses they found on the darknet sites for sale. The search netted 12.4 million addresses that were determined to be potential victims of phishing kits out of the total 1.9 billion usernames and passwords exposed by data breaches. So, it is obvious that this isn’t a tiny study over a short amount of time. For more info go to HelpMeWithHIPAA.com/132

Recently, we have dealt with our clients struggling with vendors in the vetting process. Particularly, tech vendors of any sort. Many vendors have written off the HIPAA compliance requirements by simply saying “We are SOC2 compliant so you don’t have to worry about anything”. Often that is said by sales and management folks with a great deal of confidence. After spending some time at a recent HITRUST meeting I heard just how many people shouldn’t be so confident when making that statement. As with anything else the devil is in the details. What does SOC2 mean and how can you tell if that really means anything to you? Trust but verify is the key to answering that question for yourself. More info: HelpMeWithHIPAA.com/131

We are enjoying the holiday with our families.  But, we didn't want to miss a chance to share time with our listeners.  Today we are replaying one of our favorite episodes 8 Common HIPAA Myths.

Hard to believe another year is coming to an end. It is time to review 2017 and plan for 2018.  That means it is time to make your list of 5 Things To Do Before Year’s End. Just in case you need some help with that list, we made one for you!   HelpMeWithHIPAA.com/130

Text messaging is often the preferred method of communication for many people today.  It does have great advantages with its simplicity, instant delivery, and convenience.  However, I did not mention security on that list.  Text messaging is not secure by default.  Yes, you can secure it but that requires apps, platforms, and planning.  The bottom line is the communication method most people call text messaging is not secured enough to send and receive PHI without patient authorization to use it. For more info HelpMeWithHIPAA.com/129

Lately, there have been a lot of articles in the "nerd news" services about various problems and vulnerabilities looming on the horizon or happening right now.  Usually, there are one or two in a normal week or so that really get our attention.  The last few weeks though it seems a bit different.  Maybe it is just noise or paranoia created to drive traffic to sites.  But, sometimes it becomes overwhelming enough to take time to step back and look at the details as a whole and determine what you really are seeing here.  So, today we discuss:  is there a cyber storm brewing on the horizon? More info at HelpMeWithHIPAA.com/128

Each year we have done a special scary episode for Halloween.  Last year we took you on a tour of a haunted house.  This year for HIPAA Horror Stories V3 we get to hear a campfire horror story.  So gather around and hear how scary HIPAA mishaps can be for us all! For more info go to HelpMeWithHIPAA.com/127