Podcasts about hipaa security

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.   In our latest episode, we chat about how to approach staff HIPAA training after the first year.   We discuss why we don't recommend using the same training year after year (and why our system doesn't allow it); the trainings we typically recommend for year one and why; the trainings we recommend for year two and after and why; and why now is a particularly good time to get started.   Listen here: https://personcenteredtech.com/group/podcast/   For more, visit our website. PCT Training Resources PCT's Role-Based Staff Trainings -- see PCT's role-based HIPAA & ethics, teletherapy, and topical needs-based trainings Foundational HIPAA Trainings -- recommended for year 1; if not done in year 1, use for year 2: Clinical Staff: Privacy Ethics And HIPAA Fundamentals For Mental Health Professionals In The Agency Or Group Practice Context (2 legal-ethical CE) Admin Staff: Practical Application Of HIPAA And Mental Health Ethics For Admin Staff Security Officer: Security Officer Endorsement Program (10 legal-ethical CE) Leadership: Introduction to HIPAA Security for Group Practice Leaders (2 legal-ethical CE) Practical Application Focused Trainings -- available only through Group Practice Care Premium, included for all team members at no per-person cost -- recommended for year 2, if not done in year 1: HIPAA Security Awareness: Bring Your Own Device (BYOD) HIPAA Security Awareness: Remote Workspaces *Select* Topical Needs-Based Trainings -- recommended for year 2 and beyond if foundational HIPAA trainings & practical application focused trainings have been completed -- **see our full curated collection of topical needs-based training section in our marketplace: HIPAA Security Awareness Grab-Bag Rethinking Notes: Strategies For Making Documentation Simple And Meaningful (2 legal-ethical CE) The Evolving Legal-Ethical Standard Of Care For The Clinical Use Of Artificial Intelligence In Mental Health (2 legal-ethical CE) Clinical Staff Teletherapy Training (5 CE, 3 of which is legal-ethical CE) Use PCT's team training management system, provided through Group Practice Care Basic (free!) OR Premium to assign trainings to team members, see progress/completion status, and let PCT take care of assignment notifications and reminders! Additional PCT Resources Group Practice Care Premium + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more weekly (live & recorded) direct support & consultation service, Group Practice Office Hours, for leadership

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.   In our latest episode, we give group practice owners a heads up about upcoming changes to the HIPAA Security Rule.    We discuss what the focus of these rule changes will be; why the changes are happening; steps you can take to be proactive about HIPAA changes; and PCT's practical tools to help you get on top of things in a manageable way.   Listen here: https://personcenteredtech.com/group/podcast/   For more, visit our website. Resources & Further Information Vital Signs: Digital Health Law Update | Winter 2024 | JD Supra 2024 Update: Regulators Use “Carrots and Sticks” to Incentivize Healthcare Sector Cybersecurity Compliance 3 ways to prepare for impending HIPAA Security Rule updates HHS Unveils Healthcare Cybersecurity Strategy PCT Resources HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You'll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks. Group Practice Care Premium weekly (live & recorded) direct support & consultation service, Group Practice Office Hours + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more PCT's Group Practice PCT Way HIPAA Compliance Manual & Materials -- comprehensive customizable HIPAA Security Policies & Procedure and materials templates specifically for mental health group practices. with a detailed step-by-step project plan and guided instructions for adopting & implementing efficiently **includes policy prohibition on use of BCC and CC; workforce forwarding emails from their practice email account to personal email account; data entry checking/not using autofill suggestions for recipients -- the P&P components that address the email gone awry situations we discussed in the podcast episode Policies & Procedures include: Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application. Computing Devices and Electronic Media Technical Security Policy Bring Your Own Device (BYOD) Policy Communications Security Policy Information Systems Secure Use Policy Risk Management Policy Contingency Planning Policy Device and Document Transport and Storage Policy Device and Document Disposal Policy Security Training and Awareness Policy Passwords and Other Digital Authentication Policy Software and Hardware Selection Policy Security Incident Response and Breach Notification Policy Security Onboarding and Exit Policy Sanction Policy Policy Release of Information Security Policy Remote Access Policy Data Backup Policy Facility/Office Access and Physical Security Policy Facility Network Security Policy Computing Device Acceptable Use Policy Business Associate Policy Access Log Review Policy Forms & Logs include: Workforce Security Policies Agreement Security Incident Report PHI Access Determination Password Policy Compliance BYOD Registration & Termination Data Backup & Confirmation Access Log Review Key & Access Code Issue and Loss Third-Party Service Vendors Building Security Plan Security Schedule Equipment Security Check Computing System Access Granting & Revocation Training Completion Mini Risk Analysis Security Incident Response Security Reminder Practice Equipment Catalog + Workforce Security Manual & Leadership Security Manual -- the role-based practical application oriented distillation of the formal Policies & Procedures + 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer.

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we talk about ways to prevent HIPAA email breaches in a group practice setting. We discuss common email-related breaches we see for group practices; email and PHI; large vs. small breaches; the implications of having a HIPAA breach; policies and procedures to mitigate email errors; how to send mass client notifications securely; settings to have in place in your email service; and what makes an email service HIPAA compliant. Listen here: https://personcenteredtech.com/group/podcast/ For more, visit our website. PCT Resources PCT's Google Workspace Configuration Learning Center (see part 9, 'the sharing and the forwarding', for tutorial on managing forwarding settings) Free CE course: Introduction to HIPAA Security for Group Practice Leaders (1 legal-ethical CE course) OCR Breach Report Questions  -- know the contents of what is asked/what you need to provide *before* starting the breach report in the OCR's online portal for breach reporting CE course: HIPAA Security Incidents & Breaches: Investigation, Documentation, And Reporting (1.5 legal-ethical CE credit hours) Group Practice Care Premium  for weekly (live & recorded) direct support & consultation, Group Practice Office Hours, with the PCT team + Eric Ström, JD PhD LMHC (monthly) PCT's Group Practice PCT Way HIPAA Compliance Manual & Materials -- comprehensive customizable HIPAA Security Policies & Procedure and materials templates specifically for mental health group practices. with a detailed step-by-step project plan and guided instructions for adopting & implementing efficiently **includes policy prohibition on use of BCC and CC; workforce forwarding emails from their practice email account to personal email account; data entry checking/not using autofill suggestions for recipients -- the P&P components that address the email gone awry situations we discussed in the podcast episode Policies & Procedures include: Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application. Computing Devices and Electronic Media Technical Security Policy Bring Your Own Device (BYOD) Policy Communications Security Policy Information Systems Secure Use Policy Risk Management Policy Contingency Planning Policy Device and Document Transport and Storage Policy Device and Document Disposal Policy Security Training and Awareness Policy Passwords and Other Digital Authentication Policy Software and Hardware Selection Policy Security Incident Response and Breach Notification Policy Security Onboarding and Exit Policy Sanction Policy Policy Release of Information Security Policy Remote Access Policy Data Backup Policy Facility/Office Access and Physical Security Policy Facility Network Security Policy Computing Device Acceptable Use Policy Business Associate Policy Access Log Review Policy Forms & Logs include: Workforce Security Policies Agreement Security Incident Report PHI Access Determination Password Policy Compliance BYOD Registration & Termination Data Backup & Confirmation Access Log Review Key & Access Code Issue and Loss Third-Party Service Vendors Building Security Plan Security Schedule Equipment Security Check Computing System Access Granting & Revocation Training Completion Mini Risk Analysis Security Incident Response Security Reminder Practice Equipment Catalog + Workforce Security Manual & Leadership Security Manual -- the role-based practical application oriented distillation of the formal Policies & Procedures + 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer.

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we're diving into Business Associate Agreements (BAAs) for group practice owners. We discuss what a BAA is; who is considered a business associate; how to execute and enforce a BAA; documenting BAAs; evaluating if a BAA is sufficient; why a HIPAA statement is not a replacement for a BAA; precedent for enforcement action from the Office of Civil Rights; and what qualifies under the conduit exception. Listen here: https://personcenteredtech.com/group/podcast/ For more, visit our website. Resources HHS Model Business Associate Agreement HHS SAMPLE BUSINESS ASSOCIATE AGREEMENT PROVISIONS   PCT Resources PCT article: What Is a HIPAA Business Associate?   PCT free CE course: Introduction to HIPAA Security for Group Practice Leaders   PCT's Group Practice PCT Way HIPAA Compliance Manual & Materials -- comprehensive customizable HIPAA Security Policies & Procedure and materials templates specifically for mental health group practices. with a detailed step-by-step project plan and guided instructions for adopting & implementing efficiently       Policies & Procedures include: Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application.   Computing Devices and Electronic Media Technical Security Policy Bring Your Own Device (BYOD) Policy Communications Security Policy Information Systems Secure Use Policy Risk Management Policy Contingency Planning Policy Device and Document Transport and Storage Policy Device and Document Disposal Policy Security Training and Awareness Policy Passwords and Other Digital Authentication Policy Software and Hardware Selection Policy Security Incident Response and Breach Notification Policy Security Onboarding and Exit Policy Sanction Policy Policy Release of Information Security Policy Remote Access Policy Data Backup Policy Facility/Office Access and Physical Security Policy Facility Network Security Policy Computing Device Acceptable Use Policy Business Associate Policy Access Log Review Policy   Forms & Logs include: Workforce Security Policies Agreement Security Incident Report PHI Access Determination Password Policy Compliance BYOD Registration & Termination Data Backup & Confirmation Access Log Review Key & Access Code Issue and Loss Third-Party Service Vendors Building Security Plan Security Schedule Equipment Security Check Computing System Access Granting & Revocation Training Completion Mini Risk Analysis Security Incident Response Security Reminder Practice Equipment Catalog   + Workforce Security Manual & Leadership Security Manual -- the role-based practical application oriented distillation of the formal Policies & Procedures + 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer.   Group Practice Care Premium for weekly (live & recorded) direct support & consultation service, Group Practice Office Hours + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing documenting personal & practice-provided devices (for *all* team members at no per-person cost) +  assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing documenting Remote Workspaces(for *all* team members at no per-person cost) + more  

Cathie Brown, Vice President, Consulting Services, Clearwater, speaks with Ryan Higgins, Partner, McDermott Will & Emery, about what a HIPAA Security Rule Risk Analysis (HSRA) is and what it means to conduct an “OCR-compliant” risk analysis. They discuss how an HSRA relates to other security assessments, suggestions for organizations to follow when conducting an HSRA, and the risks of failing to conduct an HSRA. Ryan recently co-authored an article on this topic for AHLA's Health Law Weekly. Sponsored by Clearwater.To learn more about AHLA and the educational resources available to the health law community, visit americanhealthlaw.org.

Steve Ferman is a virtual Chief Information Officer, helping C-level executives and Business Owners understand and align their technology with the goals and needs of their business. Steve is also a Microsoft Certified Systems Engineer, BlockChain Certified, HIPAA Security and Awareness trained. Steve spent 5 years in the United States Marine Corps and currently sits on the Board of Entrepreneur's Organization, Legal Vendors Network. In this podcast you will learn: - The top IT struggles businesses face - How to prepare your business for disasters and outages - Why your infrastructure could be putting your business at risk - The best architecture that businesses should harness - The training your business needs in safety and security Connect with Steve here: Web www.eTegrity.net Blog https://etegrity.net/blog/ Linked In https://www.linkedin.com/in/steveferman/ Instagram https://www.instagram.com/etegrityllc/ Twitter https://twitter.com/steveferman

In statements throughout his tenure as Director of HHS' Office for Civil Rights from 2017-2021, Roger Severino was repeatedly critical of organizations for not performing a risk analysis or taking action to mitigate identified risks, as required by the HIPAA Security Rule. Clearwater Executive Chairman Bob Chaput talks to him about why he's so passionate about this area of HIPAA compliance and previews the more in-depth discussion that will take place during a special web event on Thursday, September 30. Sponsored by Clearwater. 

Welcome solo and group practice owners! We are Liath Dalton and Roy Huggins, your co-hosts of Person Centered Tech. In our latest episode, we're talking about communication challenges that come up in group practice.  We discuss meeting the modern client where they are; the evolution of services to help client communication; client portals; functionality, affordability, and efficiency; the security circle; common security challenges with phone, text, and email services; confidentiality issues vs. availability issues; our free service selection workbook; recommendations for phone service + messaging providers; recommendations for secure email providers; escrow email; and our upcoming presentation that goes more in depth on solutions to communication needs in group practice.  Listen here: https://personcenteredtech.com/group/podcast/ Stay tuned for future episodes! For more, visit our website. Resources Pay-What-You-Can Live Legal-Ethical CE event: Smooth and Secure Use of Phone, Text, Email, and Video to Meet Modern Clients Where They Are: Legal-Ethical and Real-World Considerations Free Service Selection PCT Workbook Free Live Event — 1 Legal-Ethical CE Credit Hours on Risk Management for Group Practices Introduction to HIPAA Security for Group Practice Leaders Group Practice Office Hours (direct support and consultation service from PCT consulting team and teletherapy & HIPAA attorney Eric Strom, JD PhD LMHC)

With alarming magnitude of today's ransomware issues, do you ever wonder if your network is as secure as it should be? The safety and security of your practice and patient data hinges on the quality of your cybersecurity protocols. In addition, effective team training and working with qualified business associates who understand their legal obligations under the law are also critical. Join the Divas for this informative conversation about protecting your practice and your patients!

In this episode of the Next Exec podcast, Ashley sits down with Christa White, Vice President of Customer Success and Services at Protenus, a healthcare compliance analytics platform that empowers health systems to monitor patient privacy and drug diversion through artificial intelligence. Christa shares her journey to Customer Success, the importance of her role and a customer friendly view of the in depth analytics that build trust, uncover patient risk, and identity potential theft and misuse of controlled substances in healthcare organizations. Guest: Christa White is the VP, Customer Success and Services at Protenus. She has been a member of the Protenus team since October 2016. In her time at Protenus, she has grown the Customer Success division from a team of one to a team of six Customer Success Managers (CSMs) and six professional services consultants. Her role involves collaborating across the revenue, product, and technical operations teams to streamline and optimize the customer journey, and crafting meaningful customer relationship management initiatives. She is also the community manager for the Protenus PANDAS (People and Analytics) user group, which hosts quarterly webinars and an annual conference with over 250 compliance professionals at the top healthcare organizations across the country. Prior to Protenus, Christa gained experience in leadership, customer engagement, training, and support for software platforms. She spent eight years at Booz Allen Hamilton as a Senior Technologist. Her experience there ranged from managing a support/training team for thousands of global users to developing and delivering precision technical documentation for DoD clients. Christa holds an MBA from the combined University of Baltimore/Towson University program. She received her BS in Applied Mathematics with a minor in Economics from Loyola University Maryland.Host:Ashley McArthur-Dean is a Senior Consultant at Deloitte the Risk & Financial Advisory practice with a focus in Cyber Data Privacy. She has over ten years of experience in the healthcare industry including privacy monitoring, data governance and project execution. She has experience and knowledge in HIPAA Security and Privacy Rules, compliance, information security, data analytics, risk management and privacy regulations. She previously led the planning and execution of training, workflow, and operational readiness during mergers & acquisitions, supported enterprise-wide compliance and privacy initiatives including audit readiness, program maturity, and access / process controls. Ashley has provided services to clients in the commercial, healthcare, and life sciences industries.Ashley has the Project Management Professional (PMP) certification, is OneTrust Certified, and has her Masters in Business Administration.Support the show (https://www.ewf-usa.com/)

The healthcare industry is slow to change and, at times, even slower to embrace innovation. Fax machines, patient portals, and complicated compliance solutions are everywhere. The challenges of these outdated and vulnerable technologies only make data breaches, HIPAA fines, and cybersecurity threats more prevalent.  On today's episode, Sierra Langston and Michael Mead of The Medical Cost Savings Solution discuss HIPAA compliance, healthcare industry challenges, and unencrypted data transfers.

Welcome solo and group practice owners! We are Liath Dalton and Roy Huggins, your co-hosts of Person Centered Tech. In our latest episode, Liath is joined by Liz Knutsen, one of our PCT Consultants, to talk about why we care about HIPAA security and risk management.  We discuss the sacredness of keeping information private; we compare security practices to inoculation; the likelihood and impact of a breach; having a “why” that keeps us going; breaking down the compliance process into bite sized pieces; the guilt, anxiety, and vulnerability that come up when you’re not compliant; mindfulness during risk analysis; privacy regulations as human rights; the benefits of becoming HIPAA secure; being proactive vs reactive; the comfort and vulnerability of technology; client success stories; and some of the pain points of HIPAA security. Listen here: https://personcenteredtech.com/group/podcast/ Stay tuned for future episodes! For more, visit our website. Resources PCT's Group Practice HIPAA Security Programs Risk Analysis & Risk Mitigation Planning done *for* you    Group Practice Office Hours (direct support and consultation service from PCT and Eric Strom, JD PhD LMHC)      

With over 38 years in technology, as a creator, owner, and operator, Steve Ferman is an insightful visionary in new emerging technologies and future trends.   Steve was among the first online data backup distributors in 2004 and started a successful Channel Reseller program. Steve is a self-motivated innovative thinker with a flair for rallying the troops and have always met and exceeded His goals.  Steve has been involved in helping businesses migrate from brick and mortar offices to the cloud, since 2008, helping people connect from anywhere, anytime over any connection.    Steve and Mitch discuss the IT consulting Steve does for executives and business organizations.  You can also watch a video of their discussion on our YouTube Channel. Steve is also a Microsoft Certified Professional, Microsoft Certified Systems Engineer, Block Chain Certified, HIPAA Security and Awareness trained.  Steve spent 5 years in the United States Marine Corp and Steve Board member of Entrepreneur Organization EO, Legal Vendors Network, Kiwanis, Rotary International. eTegrity, LLC Provides guidance and validation that your technology and IT spending are in alignment with your business goals and vision.  eTegrity provides consulting and advice along with project management and IT oversight of client vendors, to ensure you get the right products and services for the right price.  We manage the entire process so you can do what you do best, run your business. You can download a free IT Security Checklist, compliments of Mr. Ferman! For general more information about the podcast, send an email to info@beinhakerlaw.com To follow Mitch and the podcast, go to linktr.ee/beinhakerlaw. You can subscribe and listen to episodes on Apple Podcasts, Google Podcasts, Amazon Music and most other directories. Please review us whenever possible and thanks for your continued support! Sponsorships and paid guest appearances are available. Connect with us by email or on social media. The Accidental Entrepreneur is brought to you by Beinhaker Law, a boutique business & estates legal practice in Clark, NJ. To learn about shared outside general counsel services and how to better protect your business, visit https://beinhakerlaw.com/fractional-gen-counsel/ Please support our affiliate sponsors (https://beinhakerlaw.com/podcast-affiliates/). Also be sure to visit our new podcast store (https://beinhakerlaw.com/podcast-store/) to purchase affiliate services, guest merchandise and even podcast merchandise.  Yes, we have merch! Digital Accelerant - the digital business card that generates leads. Get a custom branded digital card with information and links to all your social media, email and other information. Text LAW to 21000 to connect with us and request more details. Fetch Internet. Fetch Pro is an app that creates a secure and high-speed mobile internet connection for laptops and desktop computers. Printify - the on-demand print shop to create your own merchandise without cost or the need to house inventory. The Accidental Entrepreneur is a trademark of Mitchell C. Beinhaker. Copyright 2018-2020. All rights reserved.

Hi everyone, this is Sheliza Yacoob from CanadianSME business magazine, please join me in welcoming, Anne Genge CEO of Alexio Corporation, Alexio is Canada's Cyber Risk Solution for Healthcare & Small BusinessAnne is 2020 CDM 'Most Innovative Woman in Cybersecurity'. She is a Certified Information Privacy Professional with a specialization in healthcare. She also holds certifications for HIPAA Security and PCI Compliance. With over 20 years of experience, Anne knows the challenges healthcare providers face with technology. She and her team at Alexio Corporation work with small businesses and healthcare professionals to minimize data risk and keep business systems running smoothly.Alexio is also sponsoring this year's Excellence in Data Privacy & Security award,Data privacy & security are not just legal requirements, enacting them ensures business success and sustainability. The Excellence in Data Privacy & Security Award is given to the company that has proven that data privacy & security are a top priority.Businesses who demonstrate that they have a formal privacy officer, have written policies in place, implement proper network security measures, and invest in security awareness training will be considered for this award, and is the main factor judges will refer to when it comes to choosing the winner.Small Businesses of all industries (who are not IT or security companies) are eligible under this category.Please visit www.smeawards.ca to apply now.

Highlights:  [6:00] The societal climate change towards kindness [21:00] Self-kindness - an expert opinion [28:50] What would a kind world look like?   Meet Randy McNeely: Randy McNeely is a man of many talents. He is an author, speaker, singer, song writer, podcast host, passionate kindness advocate, and kindness leadership coach.   He is the author of the Kindness Givers Formula: Four Steps for making a transformational difference for good.   He’s the host of the Unleash Kindness Podcast.    He’s also working on a reality television show called Kindness Hunters.   Bottom line, Randy is 100% dedicated to kindness and something he calls societal climate change.   He is also an expert in Cybersecurity Risk Assessment and Risk Management as well as HIPAA Security and Privacy.   Now how does someone go from being a Cybersecurity expert to dedicating his life to cultivating kindness on the planet?   We are going to hear a little bit about that journey and dive into the importance of kindness in today’s world. As well as some of Randy’s practical tools and tips that we can all start using today that are guaranteed to help you create the life of your dreams as well as create a world that works for everyone.   Connect with Randy:  www.randymcneely.com https://www.linkedin.com/in/rdmcneely/   ...   Want more InJoy? LinkedIn: https://www.linkedin.com/in/jeffbaietto/ Instagram: jeff.baietto injoyglobal.com   ...   Want to try a revolutionary self-care game? Download InJoy Daily: The Self-Care Game now: iOS: https://apps.apple.com/us/app/injoy-daily-motivation/id1523808851 Android: https://play.google.com/store/apps/details?id=com.brst.injoy

HIPAA security compliance isn’t talked about often in the dental community. But the Office for Civil Rights (OCR) can and are investigating dental offices. If you’re not properly or adequately protecting your patient’s protected health information (PHI) you’re at risk of a hefty fine. In this episode of Talking With The Toothcop, I talk about the HIPAA security rule, business associate agreements, and how a data breach can impact your practice.  Outline of This Episode [1:20] HIPAA Security Compliance [4:43] The HIPAA Security Rule [9:00] Consistently work toward compliance [10:13] The Business Associate agreement  [14:57] Have adequate cyber insurance in place [17:38] Will OCR hit practices harder because of COVID? HIPAA Security Compliance: What a breach looks like I received an email from OCR (AKA the HIPAA Police) titled: “Small healthcare provider fails to implement multiple HIPAA security rule requirements.” So I opened it. Essentially, Metropolitan Community Health Services has to pay a $25,000 fine to OCR and has to adopt a corrective action plan to settle violations. Why? Because on June 9th, 2011—9 years ago—Metro filed a breach report that affected 1,263 patients. The OCR investigation revealed long-standing non-compliance. Metro failed to conduct risk-analysis and failed to implement any security rule policies, procedures, or training until 2016. Providers are supposed to safeguard their patient’s information.  The moral of the story? We need to implement measures so we don’t have to report a breach affecting 500+ people. This is a classic example of where prevention could’ve made a world of difference.  The HIPAA Security Rule The HIPAA privacy rule states that you must have agreements with vendors who have access to information, train your staff properly, and establish notice of privacy practices (how we can use and disclose patient information). The HIPAA Security rule is what people seem to have trouble with. It deals exclusively with the security of protected health information. One of the key components of the rule is to have someone appointed as the security officer. They establish access control for authorized users and set up firewalls, firmware, antivirus programs, updates, etc. They are tasked with risk analysis and mitigation: #1 Identify the potential threats and risks to PHI #2 Address the higher-risk or potential risks areas This is where dental practices have significant gaps and fall short. OCR started conducting audits of covered entities and found that more than ¾ of providers had not addressed security issues or implemented security measures to address the rule. What should security training include? What issues do I see in dental offices? Listen to find out! The Business Associate Agreement You need to understand who your business associates are: Who are the vendors you work with who have access to your patient information? IT people? Coaches or consultants? Software providers? Identify those business relationships and make sure you have a signed Business Associate Agreement (BAA) with them. It’s required before they gain access to your patient information.  Let’s drive the point home: A data backup service was audited by OCR and they were connected back to a medical practice. The medical practice couldn’t produce a BAA—and got slapped with a $30,000 fine. It’s a big deal. There was another case in Florida: A former employee of a business had access to patient PHI. A BAA wasn’t in place and they were fined $150,000.  I don’t want to scare you—I want to motivate you. I want you to understand the importance of addressing these issues. How many tooth fillings, root canals, and crowns would you have to do to cover a $30,000 or $150,000 fine? The preventative measures are worth every minute of your time.  How does cyber insurance play a role? Will they cover fines? Keep listening... OCR takes their job seriously Very few dentists are in compliance. If they were audited by the OCR it would be a blood-bath. While perfection cannot be expected, there’s room for improvement for the industry. You must show consistent and periodic effort. OCR just loves to kick people’s butts, pandemic or not. They are proactive on the educational side and actively involved from a preventative standpoint. But they will take heavy-handed action when there is a breach of compliance. It is so important to protect your patient’s information. Hear all about it in this episode! Resources & People Mentioned Office for Civil Rights (OCR) HIPAA Security Rule Connect With Duane https://www.dentalcompliance.com/ toothcop(at)dentalcompliance.com On Facebook On Twitter On LinkedIn On Youtube

180. What is the HIPAA Security Rule? Intended Audience: EveryoneThe HIPAA Security Rule is related to the HIPAA Privacy Rule, though HIPAA Security Rule covers the safeguards in relation to ePHI. Today's episode, we quickly go over the requirements in the HIPAA Security Rule. Follow us on social media! Twitter: @pharmacyitme Instagram: @pharmacyinformatics LinkedIn: https://www.linkedin.com/company/pharmacyitme/ Website: Pharmacy IT & Me Email: tony@pharmacyitme.com Follow Tony's personal Twitter account at @tonydaopharmd Network with other pharmacists at Pharmacists Connect!http://pharmacistsconnect.com For more information on pharmacy informatics, check out some of the following useful links: ASHP's Section of Pharmacy Informatics and Technology: https://www.ashp.org/Pharmacy-Informaticist/Section-of-Pharmacy-Informatics-and-Technology/ HIMSS Pharmacy Informatics Community: https://www.himss.org/library/pharmacy-informatics Disclaimer: Views expressed are my own and do not reflect thoughts and opinions of any entity with which I have been, am now, or will be affiliated.This podcast is powered by Pinecast.

The annual conference hosted by NIST and OCR Safeguarding Health Information: Building Assurance through HIPAA Security and the repeated message on day one of the conference was “HIPAA is the floor” which started with OCR Dir Severino’s keynote. We always get information at some point that makes these conferences worth the time. What did we get from this one?  More info at HelpMeWithHIPAA.com/228

HIPAA Security Rule requires compliance to protect sensitive medical information. Attorney Brad Trudell, HIPAA Privacy and Security Lead, discusses the HIPAA Security Risk Assessment Process.For more information visit www.metastar.com/sra.

Roy Huggins, LPC, NCC, and prior software engineer, breaks down the HIPAA Security Rule and offers practical insight into HIPAA implementation. Interview.

If you are working security in health care organization then you SHOULD be familiar with regular security risk assessments. If not you should because HIPAA requires regular assessments. One free tool to get you started is from the Office of Civil Rights (OCR) called the HIPAA Security Risk Assessment Tool (SRA). For years the tool has been stagnant but that changed this month when version 3 came out and it's a great update. Release Announcement. Product page and download. Be aware, be safe. Don't forget to subscribe to the Security In Five Newsletter. Send in your Security Horror Stories - bblogger@protonmail.com —————— Where you can find Binary Blogger —————— Podcast RSS Twitter @binaryblogger YouTube, Stitcher Email - contactme@binaryblogger.com

First Healthcare Compliance hosts Raymond Ribble, founder of SPHER Inc. and co-founder of Fusion Systems Co., Ltd. for an interactive discussion on “HIPAA Security Rule - How to Manage Adherence.” Raymond leads this webinar on approaching a Security Risk Assessment and understanding the benefits and impact the audit has within your organization. Educational Objectives: 1. The post HIPAA Security Rule – How to Manage Adherence appeared first on First Healthcare Compliance.

First Healthcare Compliance hosts Raymond Ribble, founder of SPHER Inc. and co-founder of Fusion Systems Co., Ltd. for an interactive discussion on “HIPAA Security Rule – How to Manage Adherence.” Raymond leads this webinar on approaching a Security Risk Assessment and understanding the benefits and impact the audit has within your organization. Educational Objectives: 1.... The post HIPAA Security Rule – How to Manage Adherence appeared first on First Healthcare Compliance.

The healthcare industry is at a crossroads when it comes to technology. Mobile devices and the IoT has given new and innovative ways to stay on top of our health from Fitbits to smartphone pedometers, but the vast amount of data these apps collect on our health is a blessing and a curse. Stephen Wu, a technology lawyer at Silicon Valley Law Group and the author of A Guide to HIPAA Security and the Law, knows that if healthcare data is not handled properly, patients risk having their information lost or stolen, which means healthcare providers risk compliance mishaps and hefty fines.

A discussion covering the issues and misconceptions surrounding the implementation of security measures within the framework of a healthcare practice. The post HIPAA Security- Monitoring Access, Incident Management and Detection appeared first on First Healthcare Compliance.

A discussion covering the issues and misconceptions surrounding the implementation of security measures within the framework of a healthcare practice. The post HIPAA Security- Monitoring Access, Incident Management and Detection appeared first on First Healthcare Compliance.

In this episode Simon chats with Josh Siegel, CTO at Care Cloud. They talk about building HIPPA-compliant software, moving fast and DevOps. This Startup Spotlight is brought to you by Intel and AWS. CareCloud: carecloud.com Architecting for HIPAA Security and Compliance on AWS: https://aws.amazon.com/about-aws/whats-new/2009/04/06/whitepaper-hipaa/

Donna shares information from the 2016 NIST/OCR Annual Conference on Safeguarding Healthcare Information. Learn what she thought was interesting to share with you.   More information at https://HelpMeWithHIPAA.com/78

Last year Sen. Lamar Alexander and Sen. Patty Murray asked for answers to some questions concerning cybersecurity in healthcare.  They were interested in understanding what CMS and HHS were doing to protect patients from fraud.  It seems as though they were wondering if HIPAA security updates where needed.   We discussed the Senators request in episode 31 : https://helpmewithhipaa.com/episode-31-enforcement-efforts-ocr-increase-2016/ Their letter asked: What CMS and HHS is doing to monitor medical identity fraud What is CMS and/or OCR actually doing, if anything, to track cases of ID theft and fraud OCR uses the data collected from covered-entities to monitor potential breach victims and find out if their data have in fact been used by criminals They also want to know whether any education materials or help are offered to breach victims by the CMS and OCR The report was presented to the committee on August 6, 2016 and made public on Sept 26.

MPT Podcast 47 - HIPAA Security Rule and the Impact of the Final Rule, with guest Mike Meikle of Hawkthorne Consulting Group. Mr. Meikle discusses the HIPAA Omnibus Rule and its effect on the Security Rule, and what it means for medical practices. This Issue (5:25): What is the HIPAA Security Rule? How has the HIPAA Final Rule changed the Security Rule? What is the best way to avoid non-compliance issues with the Security Rule? Click the play button to hear the podcast [smart_track_player url="http://mptaudio.s3.amazonaws.com/$emed$podcast/MPT_podcast_47.mp3" title="MPT Podcast 47 - HIPAA Security Rule and the Impact of the Final Rule, with guest Mike Meikle of Hawkthorne Consulting Group." ]

Stephen Wu Stephen Wu is a partner in the Silicon Valley law firm Cooke Kobrick & Wu LLP. He advises clients concerning data security and privacy, electronic commerce, e-discovery, electronic records retention, and digital evidence. His practice also includes technology transactions, intellectual property litigation, and commercial litigation. Before forming CKW, Mr. Wu was VeriSign, Inc.'s second in-house attorney where he was in charge of the company's worldwide policies and practices governing its digital certification secure ecommerce services. Prior to joining VeriSign, Mr. Wu practiced with Jones Day Reavis & Pogue and Kirkpatrick & Lockhart LLP in the areas of computer law, intellectual property, general litigation, and technology transactions. He clerked with a U.S. District Judge in Columbus, Ohio. Mr. Wu was co-chair of the ABA Information Security Committee from 2001 to 2004. He is currently Secretary of the ABA Section of Science & Technology Law. Mr. Wu is a frequent speaker on secure electronic commerce and information security topics, as well as e-discovery, digital evidence, and electronic records retention. He has written or co-written five books on information security, including Guide to HIPAA Security and the Law (ABA 2007), Information Security: A Legal, Business, and Technical Handbook (ABA 2004), Risk Management for Consumer Internet Payments (NACHA 2002) and Digital Signatures (RSA Press 2002). Mr. Wu received a B.A., summa cum laude, from the University of Pittsburgh in 1985, and received his law degree, cum laude, from Harvard Law School in 1988. Lucy Thomson Lucy L. Thomson, J.D., M.S., CIPP/G, has extensive experience as a litigator in complex federal civil and criminal cases and as an expert in information security, privacy, and new technologies. At Computer Sciences Corporation (CSC), a global technology company, she has addressed a wide range of legal, technical, and policy issues in major IT and information sharing programs. This past year, she was appointed Consumer Privacy Ombudsman for three U.S. Bankruptcy Courts to oversee the sale of electronic consumer records. A career U.S. Department of Justice attorney from 1977-2000, Ms. Thomson served in senior positions in the Criminal and Civil Rights Divisions. Ms. Thomson is an ABA Fellow, and represents the D.C. Bar in the ABA House of Delegates. She is a member of the Council of the ABA Section of Science & Technology Law and chairs its Homeland Security Committee. She served on the D.C. Bar Board of Governors, as Bar Secretary and President of the Women's Bar Association and its Foundation. She was the guest editor of the Symposium on Homeland Security in JURIMETRICS: THE JOURNAL OF LAW SCIENCE AND TECHNOLOGY (2007), and is a frequent contributor to the IAPP Privacy Advisor. In recognition of long-time public service, she received the Heroines in Technology Award. Ms. Thomson is a past Alumni Trustee of Andover. She earned a master's degree from Rensselaer Polytechnic Institute (RPI) in 2001, and her J.D. from Georgetown University Law Center. Hoyt Kesterson II Hoyt L. Kesterson II is an Arizona-based technology expert with more than 30 years of experience in the field of information security and related technologies. For 20 years he chaired the international standards group that created the X.509 certificate, a fundamental component in digital signature and securing web transactions. He has been working with the ABA's Information Security Committee for nearly 20 years on the effects of digital data and electronic signature.