Help Me With Hipaa


Sinopsis is a collaboration between Kardon Compliance founder, Donna Grindle, and founder, David Sims. Our mission is to share our Privacy and Security knowledge with those who are required to understand, implement, and manage the complex Privacy and Security requirements of HIPAA compliance.Our work with CEs and BAs inspired us to launch the service to provide information about the complex requirements of HIPAA in a relaxed manner without using too much legalese or geek speak. As the podcasts programs progress we will cover topics about that include sorting through the requirements as well as real world examples of the procedures used, both good and bad.Join us as we do our best to create a show where HIPAA and humor collide!


  • 6 Steps for Vendor Management - Ep 317

    13/08/2021 Duración: 40min

    Managing your vendors, or your supply chain, has become increasingly more important these days.  As we’ve seen in the news just in the last several months, data and system breaches can come as a result of the vendors you work with.  So, we felt like it was time to revisit this topic by reviewing the recent update to the HIC SCRiM guide that includes 6 steps for vendor management. More info at

  • 2021 Data Breach Cost Report - Ep 316

    06/08/2021 Duración: 36min

    Every year we cover the most recent report released on the cost of a data breach.  No surprise from this year’s report that the cost continues to rise. And healthcare breaches cost the most across all industries.  Listen in as we go through IBM’s Cost of Data Breach Report 2021. More info at

  • New Breach Notification Bill - Ep 315

    30/07/2021 Duración: 47min

    There’s a new data breach notification bill in Congress that will affect the business community as a whole, not just healthcare. It will create a new data breach disclosure requirement for federal agencies, federal contractors and critical infrastructure companies. It’s time to let folks know when breaches happen. We can’t protect ourselves from things we don’t know about. More info at

  • Cyber Sqwerl - Ep 314

    23/07/2021 Duración: 41min

    There is so much happening in the cyber world today that we couldn’t decide on just one topic to cover in this episode.  So, we will be jumping around and covering a lot of different cyber topics, hence the title of the podcast, Cyber Sqwerl. So, listen fast folks… we’ve got a lot to cover. More info at

  • MSPs Attacked Again - Ep 313

    16/07/2021 Duración: 49min

    Summertime, holidays and long weekends, where many of us are taking time off, are prime times for cyber attacks.  The bad guys are counting on people being in a hurry and letting their guard down so it’ll make it easier to suck you into their attack.  July 4th 2021 was no different.  An MSP was attacked by cyber criminals.  Although this is still an active incident, we will cover what we know in today’s podcast. More info at

  • Offshore or Not? - Ep 312

    09/07/2021 Duración: 40min

    Offshore services are a popular option for many businesses. The ability to work around the clock from different sides of the planet is one thing but the cost savings are the primary driving force for this solution. When it comes to HIPAA Business Associates, though, there are a lot of variables that must be considered when deciding whether to offshore or not. More at

  • SMB Security Best Bets - Ep 311

    02/07/2021 Duración: 46min

    Securing your business is not always the easiest thing to do nor the cheapest.  Today we will review a Cisco study on small and medium sized businesses and their security best bets. In other words, the things that you can do that will help you to most likely attain success and get you the most bang for your buck. More info at

  • DOL Cybersecurity Guidance - Ep 310

    25/06/2021 Duración: 01h04min

    The Department of Labor (DOL) Employee Benefits Security Administration (EBSA) issued its very first cybersecurity guidance in April 2021and they sound remarkably like all the things that we recommend doing under HIPAA, HICP and the NIST cybersecurity framework.  Let’s check it out! More info at

  • Is it really that bad? - Ep 309

    18/06/2021 Duración: 58min

    They say ignorance is bliss.  Ignorance can also leave you vulnerable to cyber attacks and patient safety issues. As we see news about cyber attacks coming from everywhere, you might ask “Is it really that bad?” Yes, yes it is. And it continues to get worse. More info at

  • Maturity Model Matters - Ep 308

    11/06/2021 Duración: 53min

    Privacy and security should be a part of all organizations day-to-day activity and company culture.  But how do you know how mature your privacy and security program really is? By using one of the many maturity models.  Today, we are discussing the new DoD Cybersecurity Maturity Model Certification (CMMC) that breaks controls into levels so you can see what implementation level or maturity level your program is at any given moment.   More info at

  • Peachstate Not A Peachy OCR Settlement - Ep 307

    04/06/2021 Duración: 52min

    It’s been a while since we’ve reviewed an OCR settlement that wasn’t about the patient right of access initiative. Things are a changin', and in more ways than one. OCR announced the Peachstate settlement just this week that got our attention.  How this case ended up being investigated in the first place is interesting. And as usual, the headline doesn’t tell the whole story.  So, let’s dive in and check it out.  More info at

  • 6 Points In Cyber Executive Order - Ep 306

    28/05/2021 Duración: 56min

    One of the biggest security problems on the Internet is a ransomware attack.  Ransomware can impact all our lives.  Just take the Scripps Health and Colonial Pipeline ransomware attacks that we discussed in recent podcast episodes. Last week we gave you 6 tips for planning for a ransomware attack. And today we are going to discuss 6 points from the recently released cybersecurity Executive Order. More info at

  • 6 Ransomware Planning Tips - Ep 305

    21/05/2021 Duración: 55min

    Ransomware is just not going away. Falling victim to a ransomware attack will have a BIG impact on you, your business, your clients and your patients.  So, today we share some ransomware planning tips.  It’s important to know what things you should be doing and should at least consider so that you don’t get caught with your proverbial “pants down.” More info at

  • Privacy Questions Everywhere - Ep 304

    14/05/2021 Duración: 58min

    We’ve talked about how damaging a ransomware attack can be in healthcare, not only for the practice or health facility but also for patients and the integrity and availability of their data.  Today, we discuss an active ransomware attack affecting a health system that is not just making the local news, but also is blowing up on social media and creating a number of privacy concerns.  The implications for their patients is terrifying. More info at

  • HIPAA Compliant Apps - Ep 303

    07/05/2021 Duración: 46min

    We’ve all seen the websites of companies that claim to have a “HIPAA compliant” app, product or service.  But does that really mean anything?  The short answer is NO!  There is no such thing.  Today, we answer a listener question about products and services with these types of claims.  And, as you can imagine, we have a lot to say about this topic.   More info at

  • Get Your Patch On - Ep 302

    30/04/2021 Duración: 39min

    We talk about patching pretty frequently on the podcast, but there is still a misconception that your IT or MSP team is patching everything. Systems are not designed to patch all hardware and software all of the time. There is a level of responsibility that falls on us to understand what is being patched by IT, what isn’t and what we do about those unpatched applications. More info at

  • What is Basic Cyber Hygiene - Ep 301

    23/04/2021 Duración: 50min

    Basic Cyber Hygiene is a fairly new term, but I realized we have mentioned it several times over the last few weeks. What do we really intend people to see when we talk about it? That may be helpful if we think it would solve most of our cyber attack problems, huh. More info at

  • Caveat Discussion - Data Privacy and Security - Ep 300

    16/04/2021 Duración: 59min

    Hard to believe that this is our official 300th episode! We are still a tiny podcast in a huge sea but we are pretty sure you can not find a longer running podcast about HIPAA Privacy and Security. To celebrate we have some very special guests, Dave Bittner and Ben Yellen from the CyberWire Caveat podcast. They are  joining us for a discussion about where we all see things going in the future for data privacy laws and cybersecurity protections.  More info at

  • HIPAA Summit 2021 News Part 2 - Ep 299

    09/04/2021 Duración: 54min

    Each year the National HIPAA Summit 2021 is a regular event for us. It was held last year just before the shutdown. The event this year was loaded with discussions about what had happened in the previous 12 months and the massive list of things happening in the next 12 months. That is A LOT of HIPAA! Today we cover part 2 of news of note from the conference. More at

  • HIPAA Summit 2021 News Part 1 - Ep 298

    02/04/2021 Duración: 01h04min

    If you are a regular listener of the podcast, you know how Donna loves to “HIPAA-geek out” over the HIPAA Summit each year.  Things are no different this year as the virtual conference stretched 3 full days and another half day.  Needless to say Donna got TONS of information to share - so much so we won’t be able to fit it all in this one podcast.  So, let’s get to Part 1 of the HIPAA Summit 2021. More info at

página 1 de 17