Help Me With Hipaa

The allergy practice settlement that was recently announced will be known as the “no comment” settlement in my mind.  As always, there are lessons to be learned from this announcement and the way OCR handled it. This settlement brings up a lot of discussions about handling patient public comments. More at HelpMeWithHIPAA.com/183

There have been several announcements about cybersecurity agencies and offices lately.  Some announcements are from the Department of Homeland Security (DHS) and some are from Health and Human Services (HHS).  What are they talking about and what does it mean to you?   More at HelpMeWithHIPAA.com/182

It is hard to believe we are coming to the end of another year.  Seems like just yesterday we recorded 7 Educated Guesses About 2018.  Today we review our 2018 predictions, ummmm, educated guesses for 2018 and see how we did. More info at HelpMeWithHIPAA.com/181

This holiday we are both taking time off to celebrate with our friends and families.  In our absence, please enjoy a replay of our previous Gift Giving Guide for compliance officers.

Listener message potpourri means we will be hitting several different topics in this episode. We get emails and messages from listeners a lot these days. While we do our best to respond we can't say we are consistent. That is why we do these episodes periodically.  If we've missed yours, don't hesitate to point it out to us in another message.   More info at HelpMeWithHIPAA.com/180

In the recent NIST OCR security conference, a panel member said the terms “HIPAA compliant” and “HIPAA certified” made her cringe.  We agree. The Anthem settlement has a lot of people asking about certifications for cybersecurity since Anthem was technically HITRUST Certified when the hacker first broke into their network.   Let’s talk certifications and what they really mean under HIPAA, shall we? More info at HelpMeWithHIPAA.com/179

The 2015 Anthem data breach could have been a watershed moment for HIPAA privacy and security in many ways. It remains to be seen if the settlement with OCR turns out to be another one. Either way, the historic breach and historic settlement have many lessons for us to learn. Let's discuss Anthem settlement lessons today. More info at HelpMeWithHIPAA.com/178

Time for the annual Halloween episode!  5 horror movie quotes are this year’s theme.  We have 5 horror movie quotes that are matched up to data breach stories. More info at HelpMeWithHIPAA.com/177

We are #CyberAware is the tag for the National Cybersecurity Awareness Month campaign.  Each year this campaign is run by the National Cybersecurity Alliance. In 2018, Kardon, Security First IT,  and HMWH are all signed up to be champions and publish information for the campaign.  Today, we will review what these campaigns are about and how you can use these and more like them to augment your education program. More at HelpMeWithHIPAA.com/176

What should we learn from the recent OCR settlement?  This time it was three settlements in one that related to a fourth.  There is more here than the headline-grabbing dollar amounts. These settlements are the best specific guidance you can get from OCR.  As always, we do the analysis for you! For more info go to HelpMeWithHIPAA.com/175

Often tech folks will say that they understand HIPAA. What that really means is that they understand the technical requirements of HIPAA.  The overconfidence sometimes works against them. Today we cover 3 stories tech should hear. It is important that they learn there is more than just their tech knowledge.

CIS 20 or SANS 20 is the name to reference a list of security controls that are intended to be used in the absence of any framework like NIST or HIPAA requirements. If you are trying to get the most bang for your buck and you know you are way behind on your security program CIS 20 may be the thing for you. For more info go to HelpMeWithHIPAA.com/173

Have you seen the report about consumer online digital trust and what it means to all businesses? The report is The Global State of Online Digital Trust  A Frost & Sullivan White Paper which was commissioned by ca technologies and published in July 2018.  This survey study was done to compare perceptions about consumer trusts that executives and security professionals have vs the actual consumer trust findings when surveying consumers.  Would you believe there is a disconnect across the three perceptions? For more go to HelpMeWithHIPAA.com/172

I can tell you from experience snooping is a serious problem that haunts all entities with health information to protect.  Even if you don’t know it is haunting you, it is. You will learn to fear it eventually. The extent of improper record access goes well beyond what most people imagine.  The image of a healthcare professional keeping patient information confidential is something we all assume is happening. In the real world, most workers know someone who has improperly accessed records if they haven’t done it themselves. More info at HelpMeWithHIPAA.com/171

Securing home networks matters more now than ever before.  We are a very connected society. That creates great opportunities and new challenges every day.  Especially, for those tasked with securing all that connectivity. One opportunity that gets a lot of people talking is teleworking, telecommuting, working remotely, or working from home (WFH) - all seem to mean the same thing to most people.  Our whole company is built on the ability of our systems to be secured and also be able to connect and work from anywhere in the world. Many groups forget to worry about those home networks that are connecting to your office network and even using your office applications, and data on a regular basis. More at HelpMeWithHIPAA.com/170

We live in a world of instant communications.  During a crisis, our normal standards of communications can be very limited.  How many different issues have you addressed for communications in a crisis in your plans?  We mention the business continuity and disaster recovery plans that everyone should have often in episodes. This is just one element of the plan that can make or break the business in a crisis.  If you can’t communicate effectively with each other the chance of you being able to keep things running drops significantly. For more go to HelpMeWithHIPAA.com/169

It may not occur to many of you that a hacktivist should be on your security risk analysis (SRA).  They must be on there in this digital age. You never know what could trigger a hacktivist to focus on your business and put you under attack.  Why you may ask - well we will discuss that now. For more text go to KardonHQ.com/168

The FBI released an alert on July 12 titled Business E-mail Compromise E-mail Account Compromise The 12 Billion Dollar Scam that should be on your radar.  BEC-EAC stands for Business Email Compromise - Email Account Compromise.  If you haven’t learned about this particular threat it is important that you review it and assess the risk it brings to your company.  That’s why we review these increasing threats and what you need to do about them in this episode. For more go to HelpMeWithHIPAA.com/167

We often get questions from both the tech staff and security officers about what should be documented regularly and why it should be done.  There are 3 reports you need to get from your tech team on a regular basis IMHO. Today, we will discuss those three reports, why you need them and what to do with them. More at HelpMeWithHIPAA.com/166

One of the discussions you must always be prepared to have is that size does not matter when it comes to privacy and security issues.  Does size matter? Not as much as most people think and not in the ways that most people think either. More at https://HelpMeWithHIPAA.com/165