Help Me With HIPAA-logo

Help Me With HIPAA

Business & Economics Podcasts >

HIPAA is not about compliance, it's about patient care.

HIPAA is not about compliance, it's about patient care.
More Information


United States


HIPAA is not about compliance, it's about patient care.




We are #CyberAware - Ep 176

We are #CyberAware is the tag for the National Cybersecurity Awareness Month campaign. Each year this campaign is run by the National Cybersecurity Alliance. In 2018, Kardon, Security First IT, and HMWH are all signed up to be champions and publish information for the campaign. Today, we will review what these campaigns are about and how you can use these and more like them to augment your education program. More at


6 takeaways from the filming settlements - 175

What should we learn from the recent OCR settlement? This time it was three settlements in one that related to a fourth. There is more here than the headline-grabbing dollar amounts. These settlements are the best specific guidance you can get from OCR. As always, we do the analysis for you! For more info go to


3 stories techs should hear - Ep 174

Often tech folks will say that they understand HIPAA. What that really means is that they understand the technical requirements of HIPAA. The overconfidence sometimes works against them. Today we cover 3 stories tech should hear. It is important that they learn there is more than just their tech knowledge.


CIS 20 and HIPAA - Ep 173

CIS 20 or SANS 20 is the name to reference a list of security controls that are intended to be used in the absence of any framework like NIST or HIPAA requirements. If you are trying to get the most bang for your buck and you know you are way behind on your security program CIS 20 may be the thing for you. For more info go to


How much does trust matter in healthcare? - EP 172

Have you seen the report about consumer online digital trust and what it means to all businesses? The report is The Global State of Online Digital Trust A Frost & Sullivan White Paper which was commissioned by ca technologies and published in July 2018. This survey study was done to compare perceptions about consumer trusts that executives and security professionals have vs the actual consumer trust findings when surveying consumers. Would you believe there is a disconnect across the three...


Snooping is a serious problem - Ep 171

I can tell you from experience snooping is a serious problem that haunts all entities with health information to protect. Even if you don’t know it is haunting you, it is. You will learn to fear it eventually. The extent of improper record access goes well beyond what most people imagine. The image of a healthcare professional keeping patient information confidential is something we all assume is happening. In the real world, most workers know someone who has improperly accessed records if...


Securing home networks - Ep 170

Securing home networks matters more now than ever before. We are a very connected society. That creates great opportunities and new challenges every day. Especially, for those tasked with securing all that connectivity. One opportunity that gets a lot of people talking is teleworking, telecommuting, working remotely, or working from home (WFH) - all seem to mean the same thing to most people. Our whole company is built on the ability of our systems to be secured and also be able to connect...


Crisis Communications Plans - Ep 169

We live in a world of instant communications. During a crisis, our normal standards of communications can be very limited. How many different issues have you addressed for communications in a crisis in your plans? We mention the business continuity and disaster recovery plans that everyone should have often in episodes. This is just one element of the plan that can make or break the business in a crisis. If you can’t communicate effectively with each other the chance of you being able to...


Are hacktivists on your SRA? - Ep 168

It may not occur to many of you that a hacktivist should be on your security risk analysis (SRA). They must be on there in this digital age. You never know what could trigger a hacktivist to focus on your business and put you under attack. Why you may ask - well we will discuss that now. For more text go to


BEC-EAC the latest threat to your business - Ep 167

The FBI released an alert on July 12 titled Business E-mail Compromise E-mail Account Compromise The 12 Billion Dollar Scam that should be on your radar. BEC-EAC stands for Business Email Compromise - Email Account Compromise. If you haven’t learned about this particular threat it is important that you review it and assess the risk it brings to your company. That’s why we review these increasing threats and what you need to do about them in this episode. For more go to...


3 reports from IT that you need - Ep 166

We often get questions from both the tech staff and security officers about what should be documented regularly and why it should be done. There are 3 reports you need to get from your tech team on a regular basis IMHO. Today, we will discuss those three reports, why you need them and what to do with them. More at


Does size really matter? - Ep 165

One of the discussions you must always be prepared to have is that size does not matter when it comes to privacy and security issues. Does size matter? Not as much as most people think and not in the ways that most people think either. More at


How to save money in a data breach - Ep 164

Want to know how to save money in a data breach? You have to have a plan before you have the data breach to keep you from making costly mistakes. Everyone knows a data breach can be expensive but there are studies that show us what makes them more expensive and what helps you save money. The annual Ponemon cost of a data breach study has been published. IBM sponsors the study each year and it is one of the best tools for us to prepare for the cost of a data breach. If you have any valuable...


Do you know where your logs are? - Ep 163

Our most downloaded episode Is from way back in May of 2016. HIPAA Access Logs Audits was our 54th episode. It is hard to believe it was that long ago! Today we are doing a deeper dive into how many layers exist when it comes to access logs to see if you have thought of all of them. Which of the logs really matter and what do you do with them? For more go to


Messaging Failures Times 3 - Ep 162

We all live in a world that revolves around communication tools today. Messaging failures are often the reason privacy breaches occur. In fact, we have 3 to share with you today. Messaging failures can occur in ways you never dreamed of until it happens to someone you know - not you, of course. Today’s episode covers 4 different stories about messaging failures. For more go to


MD Anderson Loses OCR Challenge - Ep 161

OCR continues setting examples with the recent announcement of the $4,348,000 civil money penalty (CMP) that they imposed on MD Anderson. A review of the details shows us once again that the enforcement of HIPAA obligations is not something they decide to do in a willy-nilly way. It is specific and designed to set examples of what is expected. Most headlines are about that $4.3 million in penalties but to us, that is not what is the most interesting and important thing to note in this...


Managing Medical Devices - 4 steps plus a bonus - Ep 160

Medical device inventory is a challenge for most organizations. Just as with computers and mobile devices, though, you can’t understand your risks and security requirements if you don’t know what you have out there. A medical device treasure hunt is what it turns out to be when you make a dedicated effort to find them all in your organization. How do you find them all and how do you worry about protecting them all? More information at


OCR Investigations - What do they ask - Ep 159

It happens out of the blue. You get a letter that tells you that there has been a complaint filed and an investigation has been opened by OCR. That may not be the best day of your life. Just the thought of opening one of those letters can make some people feel queasy. If you have ever experienced that moment you don’t have it high on your lists of things to do again. Let’s review the kinds of things you may be asked to answer when under and investigation. For more go to...


Network Security Alerts For Everyone - Ep 158

In the past few weeks, the nerd news has been full of network security alerts and discussions about issues potentially lurking on every network, especially smaller ones. These are not the things we normally worry about either. You usually think Windows, Office, Adobe, etc patches are the main alerts to worry about on your network. These are new alerts that could be in every network you use including home, public wifi, and work. Per usual, we are here to explain them as best we can - in...


Cyber Experts Agree We Are Not Alone - Ep 157

Secureworld Atlanta just finished up. Turns out cyber experts do agree about many of the same issues we discuss here. Two days of discussions amongst CISOs, ISOs, security techies, etc. about what to worry about and what to do for cyber protections. Yes, there was a lot of really nerdy discussions but the good news is the central themes do not require geek speak to share with you. Learn more at