Cybersecurity Naughty List 2017

As 2017 comes to a close, we are making our lists and checking them twice.  Time to find out who we thought was more naughty than nice this year.  This cybersecurity naughty list discussion includes everything from big news data breaches such as Equifax and Uber down...

Five Phishing Findings From Google

A new report on phishing was recently released, titled: Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials. The report presents findings from a study conducted by Google, the University of California, Berkeley, and the International Computer...

SOC2 certification is not HIPAA compliance

Recently, we have dealt with our clients struggling with vendors in the vetting process, particularly tech vendors of any sort. There is a belief that SOC2 covers them for HIPAA. Many vendors have written off the HIPAA compliance requirements by simply saying “We...

5 Things To Do Before Year’s End

It is hard to believe another year is coming to an end. It is time to review 2017 and plan for 2018.  That means it is time to make your list of 5 Things To Do Before Year’s End. Just in case you need some help with that list, we made one for you! HIPAA For MSPs by J....

Text Messaging Is Not Secure

Text messaging is often the preferred method of communication for many people today.  It does have great advantages with its simplicity, instant delivery, and convenience.  However, I did not mention security on that list.  Text messaging is not secure by default....

Is There A Cyber Storm Brewing On The Horizon?

Lately, there have been a lot of articles in the nerd news services about various problems and vulnerabilities looming on the horizon or happening right now.  Usually, there are one or two in a normal week or so that really get our attention.  The last few weeks...

HIPAA Horror Stories 2017

Happy Halloween from the Help Me With HIPAA team!  Each year we have done a special scary episode for Halloween.  Last year we took you on a tour of a haunted house.  This year for HIPAA Horror Stories V3 we get to hear a campfire horror story.  So gather around and...

Social Media, Marketing, and HIPAA

When it comes to social media, marketing, and HIPAA, things can get a little dicey. There are certainly many cases where using social media has gone awry in health care settings. However, when handled correctly, you can actually use social media, marketing, and HIPAA in...

Onboarding and Termination Checklists

Onboarding and termination checklists are often treated as a paperwork hassle. However, we have seen many times where taking the time to attend to those hassles could have saved time and money and closed open security holes that are very dangerous. HIPAA requires us to...

Talking To The Boss About HIPAA

How do you talk to the boss about HIPAA? That is a regular question we get around here. The staff responsible for compliance get trained and understand what needs to be done, but they don’t get leadership support. Over the years we have had to have those...

OCR Audit Updates Phase 2

During the NIST OCR HIPAA Security Conference we covered in the last two episodes, there was also a session on OCR Audit Updates. OCR gave an update on the information gleaned so far from the compliance desk audits that were started in 2016. Their presentation...

NIST OCR Security Conference Part Deux

This is the second episode covering the things David has to share from the NIST OCR Security conference: Safeguarding Health Information. There are many great points he picked up. As we review them, we keep coming back to the reminder that HIPAA is about patient care...

NIST and OCR Security Conference

The NIST and OCR annual security conference has come around again.  This year, David attended the conference via webcast and shares his notes on the first day of the conference. Before the conference discussion, however, we have to touch on the announcement from...

Disaster Recovery Preparations

We recorded this Disaster Recovery Preparations episode on the day that Harvey was hitting Houston and had no idea just how bad that disaster would eventually become for those on the gulf coast.  On the day we publish this episode, we are both personally involved in...

Should I Use A Local, Data Center, Or Cloud Server?

Every time we discuss HIPAA server security issues, it opens a debate about where the best place to keep your servers is. There are three options that we are going to discuss today. Should I use a local, data center, or cloud server under HIPAA? Help Me With HIPAA by...

What Is Reasonable And Appropriate?

The HIPAA legal reference and guidance mentions reasonable and appropriate all over the place. Many times that concept creates confusion. How do you determine what is reasonable or appropriate for any environment? HIPAA For MSPs by David Sims What is Reasonable &...

Alexa Plus HIPAA Plus Other Questions

Alexa plus HIPAA is a rabbit hole we thought about avoiding.  But sometimes you are just destined to discuss a topic you try to avoid.  When that question came in this week on top of the ones we had already planned to cover it was just too perfect.  So this episode...

Security Incident Investigations Find More Than Expected

Sometimes following the news lets you find things like security incident investigations with interesting details. But these cases were different from most. Even better than that, we learned how a fish tank helped hackers! There were just too many parts of these...

Incident Response Plans V2

Incident response plans have been a topic of our show several times. But, these days we just can’t get enough of a good thing! Actually, there is a reason we are covering it in this episode.  I was reviewing a Business Associate Due Diligence from a software...

Compliance Officer Personal Liability?

Compliance officer personal liability for the compliance of the company. Is that a thing? The recent settlement with a compliance officer says maybe so. The May 2017 settlement agreement between the Treasury Department’s Financial Crimes Enforcement Network...

OCR Cyber Newsletter: Mic Drop For Cloud Providers

The monthly OCR Cyber Newsletter for June had some interesting points.  The fact that OCR mentions multiple times and in multiple ways that they do not endorse, certify, or recommend specific technology or products should serve as their “OCR mic drop...

NotPetya, Windows, and Ransomware

This is not another episode about preventing and responding to the NotPetya ransomware. There are countless articles about those topics.  We are discussing the bigger picture today.  In this episode, NotPetya, Windows, and Ransomware, we discuss what happened in the...

Breach Reporting Costs and Decisions 2017

Breach reporting costs in 2017 are proving to be something you should understand before a crisis, not after the crisis hits.  In June, the NY State Attorney General announced a settlement with CoPilot, a healthcare services company that illegally deferred notice of...