Help Me With Hipaa


Sinopsis is a collaboration between Kardon Compliance founder, Donna Grindle, and founder, David Sims. Our mission is to share our Privacy and Security knowledge with those who are required to understand, implement, and manage the complex Privacy and Security requirements of HIPAA compliance.Our work with CEs and BAs inspired us to launch the service to provide information about the complex requirements of HIPAA in a relaxed manner without using too much legalese or geek speak. As the podcasts programs progress we will cover topics about that include sorting through the requirements as well as real world examples of the procedures used, both good and bad.Join us as we do our best to create a show where HIPAA and humor collide!


  • 5 Signs Your Org Is At Risk - Ep 374

    23/09/2022 Duración: 47min

    We follow a lot of the Ponemon studies. They help us see changes and trends and make better recommendations to our clients. We are going to cover their annual cost of an insider breach study. This global study covers insider incidents and provides five signs your organization is at risk.  More info at

  • New Goal: Cyber Resilience - Ep 373

    16/09/2022 Duración: 55min

    The ongoing, rapidly changing cyber war has created a need for us to change our viewpoint on cybersecurity.  Yes, we need to worry about cyber hygiene and continue working on ways to secure our systems, networks and data. However, there is also a need to take the “plan for the worst but hope for the best” approach and start focusing on cyber resilience. More info at

  • Trashy Privacy Violations - Ep 372

    09/09/2022 Duración: 41min

    David admits that as a kid he would dumpster dive for “treasures” people threw away. We’ve heard more than once of clients who have gone dumpster diving to retrieve documents containing PHI that were mistakenly thrown away in the regular trash. But, a recent OCR announcement highlights one dermatology group that had quite the trashy privacy violation. More info at

  • Should You Be Trusted? - Ep 371

    02/09/2022 Duración: 54min

    Should we be questioning other people and vendors we work with about the trust we should have in them? The answer is yes. Are they protecting and securing the patient data we entrust them with?  Trust, but verify is something we talk about a lot. So, I ask you… should you be trusted? And can you prove it? More info at

  • Privacy Assessments - Ep 370

    26/08/2022 Duración: 45min

    Privacy laws are being passed in more and more states every year. Even non-healthcare businesses are finding they must follow privacy laws in the states they do business in. Conducting a privacy assessment is a great way to understand what data you have that needs protecting, what things can go wrong and then, of those things that can go wrong, which ones we can try to prevent. More info at

  • Amazon, Facebook, and PHI oh my! - Ep 369

    19/08/2022 Duración: 31min

    In order to protect PHI, you have to know where it is stored and how it comes in, goes out and moves around your organization. This includes marketing analytic tools used on websites and patient portals. They could be transmitting PHI to social media platforms. Very unnerving, right? More info at

  • Free Training Tools 2022 - Ep 368

    12/08/2022 Duración: 43min

    It’s that time again folks! October is Cybersecurity Awareness Month. This year’s theme is “It’s easy to stay safe online” with a weekly focus on key behaviors to help protect your important data. Using these free training tools and practicing basic cybersecurity behaviors, you are much more likely to stay safe online. More info at

  • New Security Rule Guide Coming - Ep 367

    05/08/2022 Duración: 42min

    An updated version of the security rule guide that we’ve all been waiting for! NIST has developed a cybersecurity resource guide on implementing the HIPAA Security Rule. It provides key activities, descriptions and sample questions to help covered entities and business associates comply with the HIPAA Security Rule.  This guide has tons of good information in it. So, listen in as we discuss some of the cool stuff we picked out. More info at

  • OCR Mic Drops With 12 Cases - Ep 366

    29/07/2022 Duración: 01h19s

    OCR recently announced the resolution of 12 investigations. Eleven were for patient right of access violations and one was a big dollar settlement of a security incident at Oklahoma State University Center for Health Services. Lots to cover and learn in this episode. So, pay attention, folks. More info at

  • 660 Providers Hit At Once - Ep 365

    22/07/2022 Duración: 50min

    Today’s podcast episode is all about why we worry about supply chain issues, why we keep talking about the HiC SCRiM guidance, and why the first day of the PriSec Boot Camp is supply chain risk management. We’ll review several supply chain breaches, one where there were 660 providers hit at once. As you probably have guessed, these breaches involved ransomware attacks. More info at

  • 6 Vendor Transition Tips - Ep 364

    15/07/2022 Duración: 45min

    It can be a stressful time when you are adding a new vendor or switching vendors for your critical services.  This is the time to create a plan and do a risk analysis to make sure everything gets transitioned and set up properly. Things can go wrong if there’s no plan in place. Today, we review some tips to help you prepare for a vendor transition. More info at

  • Cyber Insurance Applications Are Intense - Ep 363

    08/07/2022 Duración: 54min

    When you're shopping for cybersecurity insurance, the applications can be intense. You'll need to provide a lot of details about your current security protections, and you may be asked to complete a security audit. This is because insurance companies want to be sure that they're not insuring businesses that aren't doing everything they can to protect themselves from cyber attacks. This episode we discuss what questions you may encounter on your cyber insurance applications.

  • 4 Ransomware Stats For Planning - Ep 362

    01/07/2022 Duración: 38min

    Ransomware tactics are constantly changing. Understanding the protections we use today will not be enough down the road is key. We must constantly adjust and adapt our security protections to protect against these attacks. Today, we are going to discuss ransomware stats and key points from two recent reports that can help you create a response plan for ransomware attacks. More info at

  • No More Passwords FIDO - Ep 361

    24/06/2022 Duración: 49min

    We use passwords for everything. Creating a unique, secure password for every website and application is hard to remember, right? So, why hasn’t someone figured out how to get rid of passwords? Well, today we are going to talk about the FIDO password killer solution. More info at

  • What Would You Do? - Ep 360

    17/06/2022 Duración: 47min

    How many of us know what we don’t know, or at least, willing to admit we don't know what we don't know? Today, we are going to find out as we cover a few potential data breach scenarios and ask “what would you do - report it or not?”  More info at

  • 6 Takeaways 2022 Verizon DBIR - Ep 359

    10/06/2022 Duración: 53min

    Today, we are going to give you our six takeaways from the 15th annual Verizon Data Breach Investigation Report. We like these reports because they give us an indication of what's going on in the cyber world, what we need to be looking for and looking out for. More info at

  • How Do They Get In? - Ep 358

    03/06/2022 Duración: 49min

    We get this question all of the time:  How do they get in?  How do the bad guys get in and attack my network? Seems like a simple question, right?  Well there’s not always a clear cut answer.  The first thing you need to understand is that cybersecurity isn't a problem you solve. It's a chronic condition that you have to manage.  More info at

  • MSP Customer Alert - Ep 357

    27/05/2022 Duración: 55min

    Recently, a Cybersecurity Advisory was released worldwide to MSPs and their customers. We will take a look into what this guidance is, how it applies, and what needs to be done about it.  This is BIG and we all better be paying attention. More info at

  • Everybody get on board! - Ep 356

    20/05/2022 Duración: 52min

    Everybody get on board because data security laws keep getting signed in states each year. The new Maryland and Kentucky data security laws are designed to help protect insurance companies from cyber attacks by implementing cybersecurity standards, developing, implementing, and maintaining a written information security program. Their service providers are also required to implement such programs which include a requirement to report cyber security incidents within 3 days of discovery. For more details go to

  • 10 Roles of Operational Continuity - Ep 355

    13/05/2022 Duración: 59min

    Incident response planning is important to every business. You don’t want to figure out how to manage the business and respond to an incident on the fly.  These plans should be reviewed and updated regularly. Today we review a brand new guide from the Healthcare & Public Health Sector Coordinating Council on Operational Continuity - Cyber Incident. More info at

página 1 de 20