Help Me With Hipaa

If you saw the movie Catch Me If You Can then you know some of Frank Abagnale's story.  Maybe you even read his book Catch Me If You Can: The True Story of a Real Fake.   Tom Hanks said "Abagnale’s lecture may be the best one-man show you will ever see."   He WAS NOT KIDDING!   The famous con man in his youth eventually became a white hat working for the FBI and others to combat fraud and ID theft for over 40 years. Now, he works as a consultant, writer, and speaker on the subject as he continues working with the United States Government   The information he shared with us during his #HIMSS17 session blew us away.  That means we have to tell you guys about it! Learn more at https://HelpMeWithHIPAA.com/94

The first full day of HIMSS17 HIPAA had a big session. It featured Deven McGraw, Deputy Director for Health Information Privacy at the HHS Office for Civil Rights (OCR).  She is also Acting Chief Privacy Officer for the Office of the National Coordinator for Health IT (ONC).  Clearly, it was one of the sessions at the top of the list for us to attend.  We got there early enough to be perched on the front row.  In this episode, we review what McGraw covered in her session and our thoughts on it. For more details and timestamps go to HelpMeWithHIPAA.com/93

HIPAA news stories are sometimes so short we need to bundle them together. Some listeners questions are also addressed today. So, we have a little bit of everything in this episode. So stick with us as we go through our HIPAA hodge podge. For more details go to HelpMeWithHIPAA.com/92

What is HIPAA privacy anyway? The annual reporting deadline for little breaches is up at the end of Feb. That means all those little privacy violations in 2016 must be reported on the HHS website soon if you haven't already done it. Since those little ones often mean so much more than the big ones it made me think it would be a good time to talk about privacy. A recent bizarre case in an Atlanta suburb made me realize just how much we value our privacy but may not realize it until it has been taken from us. More at HelpMeWithHIPAA.com/91

OCR continues releasing new settlement agreements on their new pace. There have been two announced in January 2017. We have no idea what will happen now but since these two brought in over $2.6m there may not be a reason we will see them stop their pace. As always, we believe in learning from other's mistakes (not schadenfreude, though). Time to learn what these two can teach us.... HelpMeWithHIPAA.com/90

More reasons to have this coverage pop up every day. Whether it is your own business risk management or those required by a business partner in a contract, all businesses should at least evaluate getting cybersecurity coverage. To help us share information on that we have a guest on this episode. Interview with John Miller II, Founding Principal, Sterling Risk Advisors 

We reviewed the OCR/HHS list of common HIPAA compliance myths when we first started the podcast. Their list is so long that it spread across 3 episodes. Those episodes are still fairly popular today. For today, though, we are covering our own list of common HIPAA compliance myths that we hear. Common HIPAA Compliance Myths Our list may be very similar to all the other lists out there but it is important to cover those because they are clearly STILL being passed along. Why do we keep hearing the same things over and over?   More at HelpMeWithHIPAA.com/88

At the beginning of 2016, we did some speculation about what the year would be like in the cybersecurity and HIPAA worlds.  Today we plan to review how we did for 2016 and explain expect healthcare breaches continue in 2017. More at https://HelpMeWithHIPAA.com/87

We've talked before about HIPAA showing up in lots of other places. That trend has continue. Now, you will see HIPAA questions on cyber security insurance applications, certification programs from other entities, and now in payment model reforms. Today we are going to talk a little bit about MACRA and HIPAA requirements. If you don't know what MACRA, APMs, and MIPS is all about we may not cover enough to explain it all be we will certainly touch on MACRA and HIPAA crossing paths starting in 2017. More information at HelpMeWithHIPAA.com/86

Last January, we did an episode with a 2016 Compliance Management Plan.  We even created a reminder poster for it you could download.  The episode was about providing a compliance management plan guideline for compliance officers who are trying to find a way to fit this in your with all your other job duties. That episode was very popular and the poster was downloaded by new folks even in December.   This episode reviews that compliance management plan and adds a bit more to it for "extra credit".   We also added a second poster and compliance management plan for a more aggressive approach than just the bare minimum. Get the downloads and more information at HelpMeWithHIPAA.com/85

Every day it seems we read about more healthcare cyber attacks.  As the news keeps breaking with more details on the wide variety of cases, we have plenty of work to do just to keep up.  Today, there are so many cases to talk about we couldn't even decide what to call the episode. More details at https://HelpMeWithHIPAA.com/84

Listen in to outtakes from this year's episodes.  We need something lighter to celebrate the holidays!

For a change there was a bipartisan bill passed with some big impacts on healthcare.  HIPAA 21st Century Cures Act implications are, of course, our focus.  Today, we review some thoughts on the bill that was signed into law this week. More notes at https://HelpMeWithHIPAA.com/83

Recorded during our first live broadcast, this episode covers several OCR announcements.  We start with the OCR phishing alert.  Followed by that we discuss OCR's guidance that said you should consider multi-factor authentication in your risk analysis.   There have also been more resolution agreements that we haven't covered on an episode so we hit those, as well.   Since it was a live show we also take some questions! For more: https://HelpMeWithHIPAA.com/82

Phishing attacks in healthcare are on the rise just like every other industry. However, unlike many other targets, phishing attacks in healthcare have a much higher return on investment if the phisherman gets anyone to take the bait. We've talked multiple times how healthcare is now a major target for hackers. Then, it only makes sense that we will see a continued rise in efforts aimed at phishing attacks in healthcare. Types of phishing: Phishing - spray and pray - grab an email list and let it rip - big net phishing Spear phishing - Aimed directly at you. Everything makes it look like it should be in your email meant for you from someone you know Whaling - Pointed directly at upper management of a company with an urgent business matter Soft targeting - send to people with a certain job that they would expect, like HR gets a resume but financial team gets a spreadsheet Telephone phishing - Just call you up and act like they should be asking you for login information  For more info: https://HelpMeWithHIPAA

We are holding episode 81 for ransom during the Thanksgiving holiday.  For our black Friday episode we hope you enjoy this replay of our most popular episode. Stay tuned! Episode 81 will be released next Friday.  We will be discussing the different types of phishing, how they work and how you can resist the bait.

In early Oct the long awaited guidance on HIPAA Compliant Cloud was released by HHS / OCR. There wasn't a lot of shocking information for us since it just restated, maybe more clearly, that cloud services providers (CSPs) must sign a BAA and meet certain obligations as a BA. Hopefully, this will address all the cases where some CSPs would use "slight of hand" with phrasing to claim they didn't have to be a HIPAA compliance cloud provider. The amount of "all ya gotta do is" type of misinformation only makes things harder to get done. Let's look at what the guidance addressed.   For more details go to HelpMeWithHIPAA.com/80

This week is basically part 2 from last week.  We left off just before reviewing the OCR audits and enforcement updates announced at the NIST / OCR Security Conference 2016.   Get more details at HelpMeWithHIPAA.com/79

Donna shares information from the 2016 NIST/OCR Annual Conference on Safeguarding Healthcare Information. Learn what she thought was interesting to share with you.   More information at https://HelpMeWithHIPAA.com/78

We tour the HIPAA haunted house in this year's Halloween episode! Cybersecurity has become a big concern over the last 18 months. Breaches in 2015 have given way to ransomware along with more daring breaches in 2016. What is really happening on your computers, networks, and the Internet every second is terrifying in several ways. There are plenty of amazing and good things happening at the speed of light but so are the bad ones..... For more details go to HelpMeWithHIPAA.com/77