Help Me With Hipaa

When you think of a power outage happening to you or your business, you probably think of an outage lasting a few hours. Not the case with the recent massive power outage experienced in Moore County NC recently. So, that begs the question, do you have a response plan for experiencing a power outage lasting a week or more?  You should. More info at HelpMeWithHIPAA.com/386

The holidays are upon us and everyone is getting excited about buying presents for friends and loved ones. Cyber criminals are excited too because it means even more opportunities to attack us. Today, we are discussing an article from ZDnet about three new ways attackers are trying to trick you. More info at HelpMeWithHIPAA.com/385

OCR recently released a video on their Recognized Security Practices initiative. The intent is to teach HIPAA regulated entities on what Recognized Security Practices is and what is required to prove its implementation in your organizations. We will review the video today and give you some key takeaways from it. More info at HelpMeWithHIPAA.com/384

As we celebrate Thanksgiving, we thought it would be a good idea to cover three reasons why you should be thankful. Or better yet, three situations you should be thankful that you’re not caught up in…. unless, unfortunately, you are. More info at HelpMeWithHIPAA.com/383  

The healthcare industry is not immune to cyberattacks. In fact, it's one of the most vulnerable industries. To protect patient safety and data security, hospitals and healthcare providers need to implement better cybersecurity measures. Today, we review a paper from the office of Senator Mark Warner (VA) that discusses policy options for the healthcare sector. More info at HelpMeWithHIPAA.com/382

What is your Incident Response Plan?  If you said “Oh, we’ll just call IT,” then you need to listen to this podcast.  We will review the October 2022 OCR Newsletter that discusses nine procedures that entities should consider including in the incident procedures. More info at HelpMeWithHIPAA.com/381

Keeping up on ways to protect your business from a cyber attack can feel intimidating, especially because of the continuously changing methods criminals use to social engineer us. The bottom line is it only takes one click at any time by anyone to open the door to the attackers.  More info at HelpMeWithHIPAA.com/380

As you know, each year we record a Halloween episode.  This year we are covering very scary decisions that have come back to haunt several organizations, including an organization’s decision not to report a cyber attack, an entity that thought they’d just stroke a check for fines assessed and everything would be OK, and a provider who posted PHI on social media. Listen in and learn what NOT to do. More info at HelpMeWithHIPAA.com/379

Do you remember the saying “there’s an app for that”? Apps certainly are cool and convenient, but can you tell whether they are malicious or not? Today, we discuss and give you some vetting tips you can use before you download apps.   More info at HelpMeWithHIPAA.com/378

More and more the healthcare industry is using connected medical devices that do cool things, like creating efficiencies in the delivery of patient care and automating tasks for healthcare providers and their staff.  But, what about the security of these connected devices? Has anyone thought about that? Well, Ponemon and Cynerio did a study on just that topic and the results are very concerning. More info at HelpMeWithHIPAA.com/377

OCR’s right of access initiative keeps on churning with three more cases, making a total of 41 violations of patient right of access so far. Dentists are a known problem when it comes to doing anything for HIPAA privacy and security, including right of access requirements. But, they are quickly learning all about OCR enforcements of HIPAA violations. More info at HelpMeWithHIPAA.com/376

Every year we review the Ponemon Institute’s Cost of a Data Breach report. It's always interesting because we learn that it's not just about the money. We learn what really makes a difference in our privacy and security program, what we can do that can make the biggest positive impact in the overall cost or a data breach and, more importantly, what things make the biggest negative impact. More info at HelpMeWithHIPAA.com/375

We follow a lot of the Ponemon studies. They help us see changes and trends and make better recommendations to our clients. We are going to cover their annual cost of an insider breach study. This global study covers insider incidents and provides five signs your organization is at risk.  More info at HelpMeWithHIPAA.com/374

The ongoing, rapidly changing cyber war has created a need for us to change our viewpoint on cybersecurity.  Yes, we need to worry about cyber hygiene and continue working on ways to secure our systems, networks and data. However, there is also a need to take the “plan for the worst but hope for the best” approach and start focusing on cyber resilience. More info at HelpMeWithHIPAA.com/373

David admits that as a kid he would dumpster dive for “treasures” people threw away. We’ve heard more than once of clients who have gone dumpster diving to retrieve documents containing PHI that were mistakenly thrown away in the regular trash. But, a recent OCR announcement highlights one dermatology group that had quite the trashy privacy violation. More info at HelpMeWithHIPAA.com/372

Should we be questioning other people and vendors we work with about the trust we should have in them? The answer is yes. Are they protecting and securing the patient data we entrust them with?  Trust, but verify is something we talk about a lot. So, I ask you… should you be trusted? And can you prove it? More info at HelpMeWithHIPAA.com/371

Privacy laws are being passed in more and more states every year. Even non-healthcare businesses are finding they must follow privacy laws in the states they do business in. Conducting a privacy assessment is a great way to understand what data you have that needs protecting, what things can go wrong and then, of those things that can go wrong, which ones we can try to prevent. More info at HelpMeWithHIPAA.com/370

In order to protect PHI, you have to know where it is stored and how it comes in, goes out and moves around your organization. This includes marketing analytic tools used on websites and patient portals. They could be transmitting PHI to social media platforms. Very unnerving, right? More info at HelpMeWithHIPAA.com/369

It’s that time again folks! October is Cybersecurity Awareness Month. This year’s theme is “It’s easy to stay safe online” with a weekly focus on key behaviors to help protect your important data. Using these free training tools and practicing basic cybersecurity behaviors, you are much more likely to stay safe online. More info at HelpMeWithHIPAA.com/368

An updated version of the security rule guide that we’ve all been waiting for! NIST has developed a cybersecurity resource guide on implementing the HIPAA Security Rule. It provides key activities, descriptions and sample questions to help covered entities and business associates comply with the HIPAA Security Rule.  This guide has tons of good information in it. So, listen in as we discuss some of the cool stuff we picked out. More info at HelpMeWithHIPAA.com/367