The Medcurity Podcast: Security | Compliance | Technology | Healthcare
In five minutes, we break down what HIPAA really expects from your organization in 2025. From your Security Risk Analysis to employee training, access controls, audit logs, and business associate agreements—this is the real-world checklist regulators are looking for. We'll explain each core requirement, how enforcement is evolving, and offer practical tips to keep your compliance efforts focused and manageable. Learn more about Medcurity here: https://medcurity.com #Healthcare #Cybersecurity #Compliance #HIPAA
The Medcurity Podcast: Security | Compliance | Technology | Healthcare
With the end of the year approaching, now's the time to take a close look at any potential vulnerabilities within your organization. An annual Security Risk Analysis demonstrates your commitment to data and system protection, while also reassuring customers and meeting compliance standards. Tune in to the latest episode of The Medcurity Podcast to learn more about why now is the time to complete your SRA. Need assistance with this task? Reach out to our team here: https://medcurity.com/contact-us/ #Healthcare #Cybersecurity #Compliance #HIPAA #SecurityRiskAnalysis
In this episode, host Bidemi Ologunde spoke with Joe Gellatly, the CEO and Co-Founder of Medcurity, a Security Risk Management company based in Spokane, Washington. Medcurity helps healthcare organizations gain clarity and confidence in their cybersecurity and compliance programs. The Medcurity team is trusted by hospitals and clinics across the United States to conduct their HIPAA-required Security Risk Analysis annually, utilizing a proprietary, AI-powered platform.
The Medcurity Podcast: Security | Compliance | Technology | Healthcare
What is a Security Risk Analysis, why is it important, and how should you effectively conduct one? We address all of these questions in our latest episode of The Medcurity Podcast. Learn more about Medcurity here: https://medcurity.com
Join us as we debunk some common myths about what Security Risk Analysis isn't and then cruise through the seven essential steps to conduct a complete and thorough SRA for any organization. It's not just a one-off IT review or a checkbox on compliance forms—it's an ongoing, dynamic process. From identifying what you need to protect to managing how you protect it, each step builds on the last to fortify your defense against the digital wild west. More info at HelpMeWithHIPAA.com/462
Jeffery Daigrepont interviews Dan Stewart, the president of Jackson Health Tech Advisors, one of our partners providing cybersecurity advisory services. Dan has been in the healthcare information technology and services industry for more than 30 years, with the last ten years focused on cybersecurity risk management and mitigation services. That includes a Cyber Liability Insurance Services program we will discuss today. Podcast Information Follow our feed in Apple Podcasts, Google Podcasts, Spotify, Audible, or your preferred podcast provider. Like what you hear? Leave a review! We welcome all feedback from our listeners. Email us questions on any of the topics we discuss or questions about issues that interest you. You can also provide recommendations on matters for future episodes. Please email us: feedback@cokergroup.com Connect with us on LinkedIn: Coker Group Company Page Follow us on Twitter: @cokergroup Follow us on Instagram: @cokergroup Follow us on Facebook: @cokerconsulting Episode Synopsis The last two years have seen a new era of cyber-attacks with increased hacker sophistication, a propensity to pay in ransomware cases, and a geopolitical environment that has upended the cyber insurance market in general, particularly in healthcare. In 2020, healthcare-related cyber-attacks increased by more than 55%, of which ransomware attacks comprised 28% of the total. According to Cybersecurity Ventures, in 2021, the US healthcare system lost $21 billion caused by ransomware attacks alone. Covid-19 further exposed the weaknesses in healthcare cybersecurity systems as the industry was forced to institute or expand telehealth services and remote working functions rapidly. These factors caused significant losses for the insurance carriers that were providing cyber insurance resulting in several major market changes that are affecting healthcare providers. 
Extras: Key Elements of a Cyber Liability Insurance Policy for Healthcare Providers; Cybersecurity Tips; Episode 57: HCIT: Security Risk Assessment; Episode 103: What is a Security Risk Analysis, and Why Do I Need One?; Contact Jeffery Daigrepont
DeAnn Tucker and Roz Cordini join Mark Reiboldt to explain the need for a security risk analysis within healthcare organizations. Many organizations are missing one critical component when performing a security risk analysis. Learn what elements organizations usually miss and how to conduct a security risk analysis properly. Episode Synopsis: Did you know Health and Human Services requires an annual security risk analysis? If a breach of information occurs, OCR will request the last 2-3 years of security risk analyses to verify your organization has performed the analysis and taken steps to implement the remediation plan. Aside from the requirement, performing a security risk analysis also safeguards electronic protected health information (ePHI) by identifying potential vulnerabilities before a criminal exploits them. Extras: Security Rule 45 CFR 164.308; Guidance on Risk Analysis Requirements under the HIPAA Security Rule; 5 Mistakes Covered Entities and Business Associates Made During a Security Risk Analysis
The Medcurity Podcast: Security | Compliance | Technology | Healthcare
Alexa speaks with Ari Van Peursem, the National Partner Manager at Medcurity on some practical strategies for an efficient, budget-friendly security risk analysis. Hear the top three biggest time wasters that are occurring when practices conduct SRAs, and get recommendations for practice managers to simplify the SRA process.
"We need more science in Cyber Security" (David Hechler, TAG Cyber Law Journal). Threat modeling should be step 0 of any security architecture but often goes completely unconsidered. This episode features Terry Ingoldsby, a veteran cyber risk professional, physicist, computer scientist and inventor of Securitree. Ingoldsby created the attack tree development platform because he felt cyber security assessments should be defendable rather than just the educated opinion of the assessor. Despite being the inventor, there is no sales pitch. Terry, Tim and Doug talk risk, engineering, business cases and why there is no AI magic when it comes to identifying events that could end your organization.
Every day healthcare organizations are being slapped with fines and court rulings for something that is so avoidable. In this episode we discuss the Security Risk Analysis and common trends that we have seen. We offer tips and advice on how to conduct a thorough and accurate SRA, and what you can do to reduce your risk of exposure.
In the latest Podcast, we bring on HIPAA Expert and Industry Leader Chris Wheaton from Abyde. The Abyde software solution is the easiest way for any sized dental practice to implement and sustain comprehensive HIPAA compliance programs. Abyde’s revolutionary approach guides dentists through mandatory HIPAA compliance requirements such as the Security Risk Analysis, HIPAA training for doctors and staff, Business Associate Agreement portal, customized policy documentation, and more! Use Promo code Darkhorse10 to receive 10% off your Abyde subscription.
S-RM's Lenoy Barkai speaks with our Head of Political and Security Risk Analysis, Cvete Koneska, on why organisations should take geopolitical risks seriously in the midst of a global pandemic. Read the article: https://insights.s-rminform.com/global-pandemic-geopolitical-risk
Vanessa Bisceglie discusses the many services offered to healthcare providers by CareVitality, a subsidiary of EHR & Practice Management Consultants, Inc. Vanessa is highly specialized in Cybersecurity, Care Management, Ambulatory Healthcare IT and MACRA/Quality Payment Program, which has two pathways: MIPS and APM, where she guides her team of consultants and care managers to assist providers in their transition to value-based care and performs Security Risk Analysis for over 100+ clients in the last 10 years. These are all the main focus areas of CareVitality. She founded CareVitality to help providers transform their practices by optimizing their existing technology and provides additional care teams to improve patient outcomes and generate additional revenue to their practice while staying focused on what truly matters to providers, which is providing patient care. CareVitality continues to offer cybersecurity support to many of their clients nationally as well. Visit www.hpr.fm to listen to more podcast episodes about health.
There is a frequent issue with people understanding what a Security Risk Analysis includes. In fact, there is so much confusion we often see documents presented as a risk analysis that are actually a gap analysis. It happens so often that OCR is trying to address it in their April newsletter. We are going to take a stab at explaining what gap analysis reports look like vs what a security risk analysis report really includes when done properly. For more information: HelpMeWithHIPAA.com/154
Daehee Park & JT Marino. The two founded Tuft & Needle with the idea that it is possible to create high quality products and charge a fair price to customers. Launched in 2012 by two software engineers, Tuft & Needle was the first vertically integrated ecommerce mattress company to focus on selling one perfect product: an unbeatable mattress at an unbeatable price. With a background in ecommerce and marketing, prior to Tuft & Needle Daehee Park served as a consultant at Acxiom Corporation. Daehee received his bachelor’s degree in Security & Risk Analysis at Penn State University. John-Thomas (“JT”) Marino leads product and software development. With a passion for thoughtfully designed customer experiences, JT started his career at Hashrocket helping startups build just that. With roots in Northeastern Pennsylvania, JT studied Computer Science at Penn State University. Startup Grind is Brought to You By: Soylent: Easy, sustained energy that goes where you go. Learn more at Soylent.com
ONC recently published an updated guide for Privacy and Security of Electronic Health Information. In this episode David and Donna discuss what that guide calls the Seven-Step Approach for Implementing a Security Management Process.
Links: Guide to Privacy and Security of Electronic Health Information; FindHealthcareIT; HIPAAforMSPS.com; Kardon Compliance
Notes
The 7 Steps
Step 1: Lead Your Culture, Select Your Team, and Learn. Assign your officers, make sure they are trained, show compliance is a top down commitment.
Step 2: Document Your Process, Findings, and Actions. If you can't prove it then it didn't happen. Document your decisions, plans and activity.
Step 3: Review Existing Security of ePHI (Perform Security Risk Analysis). Review or perform your Security Risk Analysis and current security assessment.
Step 4: Develop an Action Plan. The plan needs to address all the things you identified in your assessments, policies, and procedures.
Step 5: Manage and Mitigate Risks. This is where your project management skills come into play, making sure you have addressed all the risks in your Analysis and new ones aren't showing up.
Step 6: Attest for Meaningful Use Security-Related Objective. If you are attesting make sure you have done the previous steps.
Step 7: Monitor, Audit, and Update Security on an Ongoing Basis. Remember it isn't a project that has a beginning and ending date.
We discuss some common myths (or points of confusion) surrounding HIPAA compliance requirements.
Glossary: Myth is a widely held but false belief or idea.
Links: HealthIT.gov Top 10 Myths of Security Risk Analysis; HealthIT.gov Guide to Privacy and Security of Electronic Health Information Analysis
Notes
Providers are not allowed to share information about a patient with others unless authorized by the patient to do so. False. Providers can share:
  With anyone the patient identifies as a caregiver
  When the information is directly relevant to the involvement of spouse, family member, friends, or caregivers. (Ebola for example)
  When necessary to notify a caregiver about a change in condition or location of a patient (as long as the patient doesn't object)
  When in the best interest of the patient regardless of their ability to object or not
The security risk analysis is optional for small providers and business associates. False. Everyone is required to abide by the Security Rule which specifically requires a security risk analysis.
A checklist will suffice for the risk analysis requirement. False. Checklists are tools for doing the analysis and gathering your data but they aren't enough to meet the risk analysis requirement.
A Security Risk Analysis must include three main elements (according to OCR guidance):
  A. Identification of all PHI sources
  B. Human, electronic and environmental threats to the PHI
  C. Review of current security measures to protect the PHI from those