6 Takeaways From The Filming Settlements

What should we learn from the recent OCR filming settlements?  This time it was three settlements in one that related to a fourth.  There is more here than the headline-grabbing dollar amounts.  These settlements are the best specific guidance you can get from OCR....

3 Stories Techs Should Hear

Understanding all of the technical workings of networks and computers is one thing.  Often tech folks will say that they understand HIPAA, but what that really means is they understand the technical requirements of HIPAA.  The overconfidence sometimes works against...

CIS 20 and HIPAA

CIS 20, or SANS 20, is the name for a list of security controls that are intended to be used in the absence of any framework like NIST or HIPAA requirements.  If you are trying to get the most bang for your buck and you know you are way behind on your security...

How Much Does Trust Matter In Healthcare?

Trust for businesses, especially healthcare, could be the difference maker between success and failure. Have you seen the report about consumer online digital trust and what it means to all businesses? The report,  The Global State of Online Digital Trust  A Frost...

Snooping Is A Serious Problem

I can tell you from experience snooping is a serious problem that haunts all entities with health information to protect.  Even if you don’t know it is haunting you, it is.  You will learn to fear it eventually.  The extent of improper record access (which we will...

Securing Home Networks

Securing home networks matters more now than ever before.  We are a very connected society. That creates great opportunities and new challenges every day.  Especially, for those tasked with securing all that connectivity.  One opportunity that gets a lot of people...

Crisis Communications Plans

We live in a world of instant communications.  During a crisis, our normal standards of communications can be very limited.  How many different issues have you addressed for communications in a crisis in your plans?  We mention the business continuity and disaster...

Cybersecurity Naughty List 2017

As 2017 comes to a close, we are making our lists and checking them twice.  Time to find out who we thought was more naughty than nice this year.  This cybersecurity naughty list discussion includes everything from big news data breaches such as Equifax and Uber down...

Five Phishing Findings From Google

A new report on phishing was recently released titled: Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials. The report of findings from a study that was done by Google, University of California, Berkeley, and the International Computer...

SOC2 certification is not HIPAA compliance

Recently, we have dealt with our clients struggling with vendors in the vetting process.  Particularly, tech vendors of any sort.  There is a belief that SOC2 covers them for HIPAA.  Many vendors have written off the HIPAA compliance requirements by simply saying “We...

5 Things To Do Before Year’s End

It is hard to believe another year is coming to an end. It is time to review 2017 and plan for 2018.  That means it is time to make your list of 5 Things To Do Before Year’s End. Just in case you need some help with that list, we made one for you! HIPAA For MSPs by J....

Text Messaging Is Not Secure

Text messaging is often the preferred method of communication for many people today.  It does have great advantages with its simplicity, instant delivery, and convenience.  However, I did not mention security on that list.  Text messaging is not secure by default....

Is There A Cyber Storm Brewing On The Horizon?

Lately, there have been a lot of articles in the nerd news services about various problems and vulnerabilities looming on the horizon or happening right now.  Usually, there are one or two in a normal week or so that really get our attention.  The last few weeks...

HIPAA Horror Stories 2017

Happy Halloween from the Help Me With HIPAA team!  Each year we have done a special scary episode for Halloween.  Last year we took you on a tour of a haunted house.  This year for HIPAA Horror Stories V3 we get to hear a campfire horror story.  So gather around and...

Social Media, Marketing, and HIPAA

When it comes to social media, marketing, and HIPAA, things can get a little dicey. There are certainly many cases where using social media has gone awry in health care cases.  However, when handled correctly, you can actually use social media, marketing, and HIPAA in...

Onboarding and Termination Checklists

Onboarding and termination checklists are often treated as a paperwork hassle.  However, we have seen many times where taking the time to attend to those hassles could have saved time and money and closed open security holes that are very dangerous.  HIPAA requires us to...

Talking To The Boss About HIPAA

How do you talk to the boss about HIPAA? That is a regular question we get around here.  The staff responsible for compliance gets trained and understands what needs to be done but they don’t get leadership support.  Over the years we have had to have those...

OCR Audit Updates Phase 2

During the NIST OCR HIPAA Security Conference we covered in the last two episodes, there was also a session on OCR Audit Updates. OCR gave an update on the information gleaned so far from the compliance desk audits that were started in 2016. Their presentation...