Help Me With HIPAA-logo

Help Me With HIPAA

Business & Economics Podcasts >

HIPAA is not about compliance, it's about patient care.

HIPAA is not about compliance, it's about patient care.
More Information


United States


HIPAA is not about compliance, it's about patient care.




Insider Breaches Everywhere - Ep 221

When working on a plan for this episode I had two different sources drop some insider breach issues in my lap. When I added those to the news stories we are already following involving insider issues, it was clear the topic was meant to be. Multiple cases and reports are out — the topic I must cover is because I am reading about insider breaches everywhere around me. More at


National Cybersecurity Awareness Month Workforce Training - Ep 220

October is National Cybersecurity Awareness Month (NCSAM) and it is a perfect tool to feature security awareness with your workforce and clients. You can not beat an opportunity to run a month long awareness program that provides EVERYTHING you need for free. Today we discuss what the program includes and how to use it in your office. More at


Six fifty is not required - Ep 219

We discussed the patient rights to access medical records a few episodes ago. Since then, a new study came out that says a majority of providers are not complying with patient medical records requests. I have also gotten more questions about law firms demanding to pay only $6.50 for medical records requests. We are discussing these issues with specifics about fees for patient requests in this episode. More at


7 Questions To Ask IT - Ep 218

When you work with outsourced IT or Managed Service Providers (MSPs) you need to vet them closely to make sure they truly do understand what HIPAA requires from your organization. Here are seven questions to ask your IT team about HIPAA. For more info go to


Cost of a Data Breach 2019 Study - Ep 217

The Ponemon Institute has produced an annual study of data breach costs. This is the 14th year. We have used it as a guide for a lot of information over the years. The data has consistently been helpful for us to understand what are the key drivers in data breach costs, remediation, and response. If you can find what the major factors include, it is a great way to determine your priorities in investing resources with the biggest impact. Let’s see what we learned from the 2019 version...


Who is a Business Associate? - Ep 216

Who is a business associate? A listener asked for an episode on it. Turns out we haven't done one since episode 2. Wow! So, maybe there is more we have to add to that topic in 2019 after 214 other episodes. Today, let’s talk about how to determine who is your Business Associates or BA. More info at


Listener Questions and Input - Ep 215

We have gotten a flurry of listener questions and comments lately. Since it is so much easier to do an episode based you listener questions that writing up a whole plan we are definitely doing those today. We really do read and respond to as many as we can. So here we go. More info at


CCPA and HIPAA Require Consideration - Ep 214

If you haven’t heard of it before there is a thing called the California Consumer Privacy Act (CCPA). It is considered the first version of a GDPR-type legislation on this side of the pond. It becomes effective Jan 1, 2020. There are many folks that think the CCPA isn’t something for them to worry about. Well... Maybe you should take a second to reconsider that position. More at


5 Medical Records Uses and Disclosures Rules - Ep 213

Today we discuss 5 medical record uses and disclosures rules that I have been covering recently in training. Medical records are always around for those of us in healthcare. It is so easy to forget that the rules apply to more than just data breaches and social media. There are some very basic concepts that people who have been dealing with medical records for years are surprised to learn. Here are five of them we use the most. More at


Cybersecurity Tips and Trends - Ep 212

We need to keep up with our education just like everyone else to keep up with cybersecurity tips and trends. Donna hit some training at SecureWorld and sat in on a 6-hr online seminar offered by Dark Reading. All of that thinking and learning means we have cybersecurity tips and trends to share in this episode. This is not just for those who worry about HIPAA. More info at


Consider ransom payments BEFORE attacks - Ep 211

The debate continues in ransomware attacks, do you make the ransom payment or not? Lately, we have seen many payments being announced. This should be in your incident response plan ransomware playbook. These decisions should be discussed now, not when an attack happens. What are the pros and cons to paying and what should be in your ransomware response plans? More info on Help Me With HIPAA blog post.


False Claims Settlement - No Risk Analysis - Ep 210

False claims settlements over meaningful use money have popped into the news again. The provider was sued by whistleblowers and the DOJ for not doing a security risk analysis but attesting to one to get the meaningful use payments anyway. There is whistleblower's angle in this case which makes it even more interesting. If you know anyone that has received any meaningful use money they should check out this episode! More info at


Specific BA Liabilities - Ep 209

This new BA guidance from OCR is important because it defines clearly all the things we hear misstated over and over. Several of our Top 10 Wrong HIPAA Statements episode are addressed in the simple ten item list. Today we will discuss the announcement and what does that mean to BAs and their privacy and security programs. More info at


Vendor Pays $1 Million Plus 5 Yr Action Plans - Ep 208

The multi-state settlement with Medical Informatics Engineering makes the OCR settlement seem like a cake walk. The vendor agrees to pay OCR $100,000 with a standard 2-year corrective action plan. The states get $900,000 plus 5 years of very specific corrective action requirements. Vendors need to pay attention to this case and take appropriate action now. More info at


How do you sanction? - Ep 207

Sanction policies are often vague or even overlooked in many privacy and security programs. The whole point of a sanction policy is to list out the consequences for failure to follow our policies and procedures. With a vague or non-existent policy consequences aren’t clear which leads to a lack of concern for failure to follow the policy in the first place. You will never build a culture that worries about protecting information without it being clear that is a requirement for inclusion in...


Maturity Assessments - Ep 206

Maturity is something we expect from respected folks or grown folks but what about your privacy and security program, do you check it’s maturity? You have all of these plans, policies, procedures, and training but is it actually meeting your needs? Time to talk maturity assessments. More at


No PHI exposed. Really? - Ep 205

The latest HIPAA violation settlement with OCR was announced recently. Ironically, the settlement with Touchstone Medical Imaging was for $3,000,000 and announced just after the reduction of maximum penalties was announced by HHS. Just how bad was this violation to get hit with this level of penalties plus the 2-year corrective action plan? More at


HIPAA Penalties Dropping - Ep 204

Headlines everywhere are telling us all that the HIPAA penalties are being “slashed” or “capped” or “reduced”. What is the real story and what does it mean to the rest of us? Great time to talk about what you should consider if you think you will be facing any HIPAA penalties. More info at


3 Supply Chain Security Stories - Ep 203

We have talked many times about vetting business associates. When people talk about supply chain security it isn’t just the business associate you contract with you have to worry about. It is all the vendors that they use. Today we are going to review 3 supply chain stories that explain how complex your supply chain unbeknownst to you. More at


Smile You Are On Camera - Ep 202

We are all being watched. Cameras are everywhere today. With the advent of dashcams, home security camera systems, CCTV in cities and businesses we are caught on camera somewhere every day. What does that mean when you have privacy concerns to address like, I don’t know, HIPAA? More info