Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we're sharing recent developments related to teletherapy and Medicare, HIPAA's proposed Security Rule changes, and cross-jurisdictional Compacts. We discuss: Expanded telehealth flexibilities and waivers for Medicare and where things currently stand Reactions to the proposed Security Rule updates Making updates even when they aren't required to safeguard client info and your practice Timelines for applications opening for the Counseling Compact and the Social Work Licensing Compact Our upcoming CE training on Cross-Jurisdictional Teletherapy Practice in 2025 Listen here: https://personcenteredtech.com/group/podcast/ For more, visit our website. Resources American Telehealth Association: No Shutdown For Telehealth As Congress Passes Spending Bill To Keep The Government Open, Including Critical Telehealth Extensions, ATA Action Celebrates Vote Health IT Security News Article: MGMA, CHIME ask Trump to rescind proposed HIPAA Security Rule Counseling Compact: "Applications for Counseling Compact privileges to practice are expected to open in late summer or early fall 2025." Social Work Licensure Compact: "Multistate License Applications Open – Target Date of Fall 2025 Once the data system is operational in states and the commission has finalized all necessary rulemaking, applications will be made available for social workers to apply for a multistate license. Once eligibility is confirmed by the home state, all fees are paid, and a social worker is granted a multistate license, they will be able to practice in all other member states of the compact without any further steps necessary." 
PCT Resources New PCT *Live & Recorded* Legal-Ethical CE training: Navigating Legal-Ethical Cross-Jurisdictional Teletherapy Practice in 2025: A Guide for Mental Health Professionals the must-know information on the current considerations for how to legally and ethically navigate cross-jurisdictional teletherapy practice. In particular, we will address licensure compacts, recent legal developments, state-specific rules, risk management strategies, custodian of record obligations, and working with minors across state lines. Presented by Eric Ström, JD PhD LMHC; and PCT Director, Liath Dalton Live presentation on Friday, March 28th PCT's Clinical Staff Teletherapy Training PCT's Teletherapy Director and Supervisor Training for Group Practices PCT's Teletherapy Manuals and Forms for Group Practices Group Practice Care Premium weekly (live & recorded) direct support & consultation service, Group Practice Office Hours -- including monthly session with therapist attorney Eric Ström, JD PhD LMHC + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more For Solo Practitioners: PCT's Telemental Health Certificate Program
On January 6, HHS' Office for Civil Rights published a Notice of Proposed Rulemaking titled “HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health Information.” Wes Morris, Senior Director of Consulting Services, Clearwater, speaks with Jennifer Kreick, Partner, Haynes and Boone LLP, and Thomas Tanabe, Associate, Haynes and Boone LLP, about the proposed updates to the HIPAA Security Rule and the practical impacts for health care organizations. They discuss what is driving these proposed updates and issues related to “required” and “addressable” specifications, sanctions, technology asset inventories and network maps, risk analysis, business associates, and costs and timeline related to implementation. Jennifer and Thomas recently authored an AHLA Bulletin on this topic. From AHLA's Health Information and Technology Practice Group. Sponsored by Clearwater. AHLA's Health Law Daily Podcast Is Here! AHLA's popular Health Law Daily email newsletter is now a daily podcast, exclusively for AHLA Premium members. Get all your health law news from the major media outlets on this new podcast! To subscribe and add this private podcast feed to your podcast app, go to americanhealthlaw.org/dailypodcast.
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we're hoping to lower the level of distress around the proposed HIPAA Security Rule changes for therapy practice owners. We discuss: What some of the proposed changes to the Security Rule are, including penetration testing The timeframe for these changes if they are implemented, and the likelihood they actually will be implemented The rationale behind the proposed changes, and why they're necessary in our current threat landscape How following the PCT Way can minimize the changes you need to make as HIPAA regulations evolve Centering client care and safeguarding client info as a motivating factor, rather than fear Listen here: https://personcenteredtech.com/group/podcast/ For more, visit our website. Resources JD Supra article summarizing proposed HIPAA Security Rule Changes and context: New Year, New HIPAA Security Rule: OCR Adds to Health Care Entities' New Year's Resolutions HHS Fact Sheet on proposed changes: HIPAA Security Rule Notice of Proposed Rulemaking to Strengthen Cybersecurity for Electronic Protected Health Information Full text of the Notice of Proposed Rulemaking (NPRM) in the Federal Register: HIPAA Security Rule To Strengthen the Cybersecurity of Electronic Protected Health Information Comments on the NPRM (Note, you can also search the public comments by keyword; ability to make comments closed on 3/7/25) PCT Resources PCT's Comprehensive HIPAA Security Compliance Program (discounted) bundles: For Group Practices For Solo Practitioners PCT's HIPAA Risk Analysis & Risk Mitigation Planning service for mental health practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service.
You'll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks. Group Practice Care Premium weekly (live & recorded) direct support & consultation service, Group Practice Office Hours -- including monthly session with therapist attorney Eric Ström, JD PhD LMHC + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more
The US Government recently released a "notice of proposed rulemaking" to update the Security Standards for the Protection of Electronic Protected Health Information. Yes, this is HIPAA. But what will it mean for covered entities and their business associates? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. Show notes: https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part-164/subpart-C
Hold onto your compliance hats—big changes are brewing for HIPAA's Security Rule! The Notice of Proposed Rulemaking (NPRM) is officially out for public comment, and it's clear HHS and OCR are on a mission to modernize and tighten the safeguards for electronic protected health information (ePHI). From clarifying risk analysis expectations to making security requirements less, well, “vague,” these updates aim to bolster patient safety and data protection while keeping pace with today's tech-driven world. But with great updates come great responsibilities for covered entities and business associates alike, so now's the perfect time to weigh in and help shape the final rule before it's set in stone. More info at HelpMeWithHIPAA.com/492
The Medcurity Podcast: Security | Compliance | Technology | Healthcare
Proposed HIPAA updates could redefine how healthcare handles cybersecurity. From mandatory encryption to multi-factor authentication, these changes aim to tackle modern threats head-on. In this episode, we're breaking down what's changing and what it means for compliance in 2025. Learn more about Medcurity here: https://medcurity.com #Healthcare #Cybersecurity #Compliance #HIPAA
In this episode, Suzanne Spradley and Chase Cannon discuss recently published proposed regulations relating to HIPAA's Security Rule. Suzanne leads off with an overview of the HIPAA privacy and security rules generally, focusing on security — the usage of personal health information in electronic form. Suzanne and Chase discuss potential changes in definitions under HIPAA's Security Rule, how the risk analysis requirement might be impacted, and what employers should be considering with their internal benefits, technology, and IT teams. Suzanne closes the podcast with her thoughts on the process and timeline for finalizing the proposed regulations.
This week in the Breakroom, Ryan Higgins, Partner at McDermott Will & Emery, joins Maddie News to discuss the recently released HHS proposed rule that would increase cybersecurity protections for electronic protected health information.
#BRNSunday #1783 | The House Education and Workforce Committee passes a CRA resolution to overturn the Retirement Security Rule | David Levine and Kevin Walsh Groom Law Group & Oliver Renick, Schwab Network | #Tunein: broadcastretirementnetwork.com #JustTheFacts
#BRNSunday #1708 | The U.S. Department of Labor Releases the Final Retirement Security Rule | David Levine & Kevin Walsh, Groom Law Group | #Tunein: broadcastretirementnetwork.com #JustTheFacts
In this two-part Triage series, Gina Bertolini, Sarah Carlins, and Jianne McDonald analyze two recent HHS initiatives that address cybersecurity risks to hospitals and health systems nationwide. Cybersecurity events involving our nation's health care providers have precipitously risen in the past five years. The Department of Health and Human Services' Office for Civil Rights (OCR) reports a nearly 300% increase in large data breaches that involve ransomware reported to OCR from 2018 to 2022. Interoperability remains a major government priority, and as remote care models continue to proliferate and the need intensifies for big data to feed increasingly complex technologies, risks to health care providers will continue to abound. In part two, Gina Bertolini and Sarah Carlins discuss HHS's “Healthcare Sector Cybersecurity” report, which outlines HHS's strategy for securing the digital infrastructure of our nation's health care system. HHS's strategy includes increased funding for support and enforcement of HIPAA's Security Rule and the implementation of voluntary Cybersecurity Performance Goals, and HHS projects changes to HIPAA's Security Rule coming in the Spring of 2024.
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we give group practice owners a heads up about upcoming changes to the HIPAA Security Rule. We discuss what the focus of these rule changes will be; why the changes are happening; steps you can take to be proactive about HIPAA changes; and PCT's practical tools to help you get on top of things in a manageable way. Listen here: https://personcenteredtech.com/group/podcast/ For more, visit our website. Resources & Further Information Vital Signs: Digital Health Law Update | Winter 2024 | JD Supra 2024 Update: Regulators Use “Carrots and Sticks” to Incentivize Healthcare Sector Cybersecurity Compliance 3 ways to prepare for impending HIPAA Security Rule updates HHS Unveils Healthcare Cybersecurity Strategy PCT Resources HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You'll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks. 
Group Practice Care Premium weekly (live & recorded) direct support & consultation service, Group Practice Office Hours + assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost) + assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more PCT's Group Practice PCT Way HIPAA Compliance Manual & Materials -- comprehensive customizable HIPAA Security Policies & Procedure and materials templates specifically for mental health group practices, with a detailed step-by-step project plan and guided instructions for adopting & implementing efficiently **includes policy prohibition on use of BCC and CC; workforce forwarding emails from their practice email account to personal email account; data entry checking/not using autofill suggestions for recipients -- the P&P components that address the email gone awry situations we discussed in the podcast episode Policies & Procedures include: Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application.
Computing Devices and Electronic Media Technical Security Policy Bring Your Own Device (BYOD) Policy Communications Security Policy Information Systems Secure Use Policy Risk Management Policy Contingency Planning Policy Device and Document Transport and Storage Policy Device and Document Disposal Policy Security Training and Awareness Policy Passwords and Other Digital Authentication Policy Software and Hardware Selection Policy Security Incident Response and Breach Notification Policy Security Onboarding and Exit Policy Sanction Policy Policy Release of Information Security Policy Remote Access Policy Data Backup Policy Facility/Office Access and Physical Security Policy Facility Network Security Policy Computing Device Acceptable Use Policy Business Associate Policy Access Log Review Policy Forms & Logs include: Workforce Security Policies Agreement Security Incident Report PHI Access Determination Password Policy Compliance BYOD Registration & Termination Data Backup & Confirmation Access Log Review Key & Access Code Issue and Loss Third-Party Service Vendors Building Security Plan Security Schedule Equipment Security Check Computing System Access Granting & Revocation Training Completion Mini Risk Analysis Security Incident Response Security Reminder Practice Equipment Catalog + Workforce Security Manual & Leadership Security Manual -- the role-based practical application oriented distillation of the formal Policies & Procedures + 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer.
At its core, HIPAA revolves around two main rules – The Privacy Rule and The Security Rule. We already looked at what HIPAA is and the penalties involved. In this second episode, David we’ll break down everything about the two fundamental rules of HIPAA that you need to know! The HIPAA Privacy Rule provides federal […]
Defense contractors are parsing out a nearly 250-page proposed rule. It landed sort of like a lump of coal on Christmas Eve. It is all about a program known as Cybersecurity Maturity Model Certification (CMMC). At the very least, if you are even tangentially involved in the topic, you should read the proposal and prepare comments. For more, Federal Drive Host Tom Temin talked with procurement attorney Eric Crusius, a partner at Holland and Knight.
#BRNSunday #1576 | US Department of Labor Prepares for Online Hearing on Proposed Retirement Security Rule | Kevin Walsh, Groom Law Group | #Tunein: broadcastretirementnetwork.com #JustTheFacts
Alberto Wareham of Icewater Seafoods says new border security rule discriminates against NL businesses + FFAW fish scientist Erin Carruthers helps us understand issue with 3L snow crab quota.
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we're busting myths about HIPAA training requirements for group practices. We discuss training requirements in terms of the Privacy Rule and Security Rule (and the distinctions between them); when training is required; suggestions to keep training uniform; what resources are available for you and your teams; utilizing tools that are already in your tech stack; compliance documentation; preventing burnout; and having a strong security culture in your practice. Listen here: https://personcenteredtech.com/group/podcast/ For more, visit our website. Resources PCT's HIPAA Security Reminder Memes Step Two of the PCT Way: Training -- role-based, foundational and needs-based topical trainings on HIPAA, mental health ethics, and teletherapy designed specifically for mental health group practices PCT's Group Practice Care: Assign, remind, and track staff training completion with a few clicks in your PCT Dashboard. Set it and forget it. *GPC basic is FREE! **GPC Premium includes HIPAA Security Awareness: Bring Your Own Device + HIPAA Security Awareness: Remote Workspaces training for ALL staff at no per-person cost Additional Security Reminder sources: HealthITSecurity newsletter (select HIPAA, Cybersecurity and Ransomware option) + the Office of Civil Rights (the HIPAA administrators) Security & Privacy Listservs
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we dive deep on the process of HIPAA security risk analysis in a group practice context. We discuss why risk analysis is overwhelming; reframing the way you consider risk analysis; remembering what you are doing right; the recent annual report to Congress from HHS and the Office of Civil Rights (OCR); general requirements for a risk analysis; how PCT approaches risk analysis (in 2 hours!); categories of risk; the tangible benefits of risk analysis in group practice; risk mitigation plans; and approaching risk analysis without burning out. Listen here: https://personcenteredtech.com/group/podcast/ For more, visit our website. Resources PCT's HIPAA Risk Analysis & Risk Mitigation Service for mental health group practices -- have us perform your risk analysis and do all the heavy lifting of this foundational HIPAA requirement HHS' Guidance on Risk Analysis HHS Office of Civil Rights emphasized the need for increased compliance with the Risk Analysis requirement in the recently (2/17/2023) released Annual Report to Congress on Breaches of Unsecured Protected Health Information: "Risk Analysis. The Security Rule requires regulated entities to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI held by the covered entity or business associate. Failures to conduct a risk analysis leave regulated entities vulnerable to breaches of unsecured ePHI as cybersecurity attacks are increasing."
Host Catherine Short welcomes Rachel V. Rose, JD, MBA, on the topic of “A Business Associate Agreement? Tell Me More!” Business Associate Agreements (BAA) are not new; however, some individuals are new to healthcare and others never understood what a BAA is exactly. A BAA is a contract that fundamentally gives assurances that the parties are complying with the Security Rule and Privacy Rule, setting parameters in the event of a reportable security incident or a breach, and states how the sensitive data will be returned and destroyed at the end of the relationship. To stream our Station live 24/7 visit www.HealthcareNOWRadio.com or ask your Smart Device to “….Play Healthcare NOW Radio”. Find all of our network podcasts on your favorite podcast platforms and be sure to subscribe and like us. Learn more at www.healthcarenowradio.com/listen
Cathie Brown, Vice President, Consulting Services, Clearwater, speaks with Ryan Higgins, Partner, McDermott Will & Emery, about what a HIPAA Security Rule Risk Analysis (HSRA) is and what it means to conduct an “OCR-compliant” risk analysis. They discuss how an HSRA relates to other security assessments, suggestions for organizations to follow when conducting an HSRA, and the risks of failing to conduct an HSRA. Ryan recently co-authored an article on this topic for AHLA's Health Law Weekly. Sponsored by Clearwater. To learn more about AHLA and the educational resources available to the health law community, visit americanhealthlaw.org.
1st Talk Compliance features guest Rachel V. Rose, JD, MBA, principal with Rachel V. Rose – Attorney at Law, P.L.L.C., Houston, TX, on the topic of “A Business Associate Agreement? Tell Me More!” Rachel joins our host Catherine Short to discuss how Business Associate Agreements (BAA) are not new; however, some individuals are new to healthcare and others never understood what a BAA is exactly. A BAA is a contract that fundamentally gives assurances that the parties are complying with the Security Rule and Privacy Rule, setting parameters in the event of a reportable security incident or a breach, and states how the sensitive data will be returned and destroyed at the end of the relationship. This presentation not only seeks to dispel myths about why certain language is prevalent in nearly all BAAs, but also provides insight into other provisions, and items for consideration, in light of the 21st Century Cures Act.
A new security rule guide that we've all been waiting for! NIST has developed a cybersecurity resource guide on implementing the HIPAA Security Rule. It provides key activities, descriptions and sample questions to help covered entities and business associates comply with the HIPAA Security Rule. This guide has tons of good information in it. So, listen in as we discuss some of the cool stuff we picked out. More info at HelpMeWithHIPAA.com/367
In statements throughout his tenure as Director of HHS' Office for Civil Rights from 2017-2021, Roger Severino was repeatedly critical of organizations for not performing a risk analysis or taking action to mitigate identified risks, as required by the HIPAA Security Rule. Clearwater Executive Chairman Bob Chaput talks to him about why he's so passionate about this area of HIPAA compliance and previews the more in-depth discussion that will take place during a special web event on Thursday, September 30. Sponsored by Clearwater.
First Healthcare Compliance hosts Rachel V. Rose, JD, MBA, principal with Rachel V. Rose – Attorney at Law, P.L.L.C., Houston, TX, for an interactive discussion on “HIPAA Compliance for Business Associates.” The July 2020 monetary payment of over $1 million dollars by a health system to HHS-OCR serves as a reminder to covered entities and business associates alike that HIPAA violations can be costly. The focus of this presentation is on business associates and subcontracts and the potential threats that can exploit vulnerabilities and trigger costly reporting to government agencies, as well as private lawsuits. Risk mitigation strategies will also be discussed, as well as some key items that should not be overlooked during the COVID-19 Pandemic. Objectives: 1. Legal obligations of business associates and subcontractors. 2. Areas of liability, which can extend throughout the "link of trust" between covered entities, business associates and subcontractors. 3. Utilizing compliance with the Privacy Rule, Security Rule, and NIST Standards to mitigate risk - even during COVID.
180. What is the HIPAA Security Rule? Intended Audience: Everyone The HIPAA Security Rule is related to the HIPAA Privacy Rule, though the HIPAA Security Rule covers the safeguards in relation to ePHI. In today's episode, we quickly go over the requirements in the HIPAA Security Rule. Follow us on social media! Twitter: @pharmacyitme Instagram: @pharmacyinformatics LinkedIn: https://www.linkedin.com/company/pharmacyitme/ Website: Pharmacy IT & Me Email: tony@pharmacyitme.com Follow Tony's personal Twitter account at @tonydaopharmd Network with other pharmacists at Pharmacists Connect! http://pharmacistsconnect.com For more information on pharmacy informatics, check out some of the following useful links: ASHP's Section of Pharmacy Informatics and Technology: https://www.ashp.org/Pharmacy-Informaticist/Section-of-Pharmacy-Informatics-and-Technology/ HIMSS Pharmacy Informatics Community: https://www.himss.org/library/pharmacy-informatics Disclaimer: Views expressed are my own and do not reflect thoughts and opinions of any entity with which I have been, am now, or will be affiliated. This podcast is powered by Pinecast.
Topics for Security Talk 1. PHI = personal health information 2. Security a. Passwords – 8 characters can be hacked in less than 1 minute b. Two Factor Authentication c. Confidentiality refers to protection of information shared with an attorney, therapist, physician (or other) from being shared with third parties without express consent. ... Privacy, on the other hand, refers to the legal protection of personal medical information from being shared on a public platform. Mar 4, 2019 3. Privacy a. Professional Code of Ethics 1. A pharmacist respects the autonomy and dignity of each patient. A pharmacist promotes the right of self-determination and recognizes individual self-worth by encouraging patients to participate in decisions about their health. A pharmacist communicates with patients in terms that are understandable. b. HIPAA i. The HIPAA Privacy Rule for the first time creates national standards to protect individuals' medical records and other personal health information. It gives patients more control over their health information. It sets boundaries on the use and release of health records. 1. www.hhs.gov › hipaa › for-individuals › faq › what-does-the-hipaa-priv... ii. Treatment iii. Administration/Utilization iv. Payment c. HealthIT.gov i. The privacy and security of patient health information is a top priority for patients and their families, health care providers and professionals, and the government. ... The Security Rule sets rules for how your health information must be kept secure with administrative, technical, and physical safeguards. Dec 17, 2018 HealthIT.gov 4. HIPAA a. Treatment b. Administration/Utilization c. Payment 5. Controversy over Security a. Pro: Data needed for treatment b. Con: How data is used? c. Long, detailed responses to data security before it can be used ______ Make sure to subscribe to get the latest episode.
Contact Us: Pharmacy Benefit News: http://www.propharmaconsultants.com/pbn.html Email: info@propharmaconsultants.com Website: http://www.propharmaconsultants.com/ Facebook: https://www.facebook.com/propharmainc Twitter: https://twitter.com/ProPharma/ Instagram: https://www.instagram.com/propharmainc/ LinkedIn: https://www.linkedin.com/company/pro-pharma-pharmaceutical-consultants-inc/ Podcast: https://anchor.fm/pro-pharma-talks
Today I am discussing the recent article from The Inquirer out of Pittsburgh, Pennsylvania from December 12, 2019. If you are receiving Social Security benefits, you may want to look into this further. One thing to find out is what the Social Security Administration has you labeled as. And just ask the SSA how this will affect your benefits. You can watch on either Facebook Live: https://fbwat.ch/1W8h9G521t0NCpWI or on YouTube: https://www.youtube.com/watch?v=jSAfDgh7_MU Also, later today I will be live with Independently Blind for his live creator contest giveaway. Make sure you follow his Facebook page to watch the drawing live and discuss with us what we use and how we use our gear for creating content. https://www.facebook.com/independentlyblind Don't forget to follow me on Facebook, Twitter, and Anchor FM. https://www.facebook.com/therealtheoryofablindman https://www.twitter.com/TheoryOBlindMan https://anchor.fm/theoryofablindman If you enjoy my content and wish to donate, you can support me on Patreon, PayPalMe, or become a listener supporter on Anchor FM. https://www.patreon.com/therealtheoryofablindman https://www.paypal.me/theoryofablindman https://anchor.fm/theoryofablindman/support Thank you all for your support and interest in one little blind man's life.
Host Catherine Short talks to Rachel V. Rose, JD, MBA, principal of Rachel V. Rose – Attorney at Law, P.L.L.C., Houston, TX, about the topic of “HIPAA and Health Apps.” As technology evolves and features are adopted by healthcare consumers, so does the need for either new regulations and/or guidance on existing regulations. This radio show highlights the Privacy Rule and the Security Rule in the context of PHI sales and marketing, as well as addressing the recent HHS FAQs on Health Apps. We will learn to appreciate privacy and security concerns related to the marketing and/or sale of PHI, address the recent HHS FAQs on Healthcare Apps, and learn risk-mitigation tips to reduce legal liability. Want to stream our station live? Visit www.HealthcareNOWRadio.com. Find all of our show podcasts on your favorite podcast channel and of course on Apple Podcasts in your iTunes store or here: https://podcasts.apple.com/us/podcast/healthcarenow-radio/id1301407966?mt=2
First Healthcare Compliance hosts Raymond Ribble, founder of SPHER Inc. and co-founder of Fusion Systems Co., Ltd. for an interactive discussion on “HIPAA Security Rule – How to Manage Adherence.” Raymond leads this webinar on approaching a Security Risk Assessment and understanding the benefits and impact the audit has within your organization. Educational Objectives: 1.... The post HIPAA Security Rule – How to Manage Adherence appeared first on First Healthcare Compliance.
Cyberattacks are happening in the health care industry at an alarming rate and some speculate that health care organizations will be the most targeted sector in 2017. As this trend continues to climb, the government has enacted regulatory changes around the HIPAA Privacy and Security Rule requirements. In this episode of The Cerner Podcast, Francois Bodhuin, IT director at Inspira Health Network, a nonprofit health care organization in South Jersey, shares the best practices on how organizations can improve the security of patient information.
There are countless times we have covered the "my EHR vendor handles HIPAA for me" misconception. The recent $155 million whistleblower lawsuit settlement between eClinicalWorks (eCW) and the government really brings it home how wrong you can be about EHR vendors. Meaningful Use attestations relied heavily on the vendors supplying proper information. eCW set up thousands of organizations to take a major hit based on the details in this case and its settlement, especially when you take into account that eCW is one of the biggest EHR vendors out there. CIA of PHI is the objective of the entire Security Rule under HIPAA. Unreliable data created by an application is clearly a data Integrity issue. If you can't trust the data, can you trust the system at all? If you have knowledge of this kind of stuff going on somewhere you should review it closely. It includes civil payments by developers and project managers, not just the C-Suite folks involved. For more information: HelpMeWithHIPAA.com/109
In this episode: Andrew discusses a few of the key challenges making it difficult for the healthcare sector right now; Robb, Andrew and Raf discuss the importance of identity in the corporate environment; Robb and Andrew give some of their wisdom for the successes and failures of CISOs (and the broader security industry); we discuss the technical vs executive CISO approach (which is better?); Robb and Andrew provide some unfiltered advice for CISOs and those who want to become them. Guests: Robb Reck (@RobbReck) - Chief Information Security Officer at Ping Identity, contributor to ISSA Denver with a long history as a successful security executive and leader. Andrew Labbo - Drew is the CISO at Denver Health and Hospital Authority and is the owner and principal of RMHG, which offers HIPAA consulting and HIPAA advisory services. Drew has over 15 years’ experience with information security and technology and over 10 years’ experience as a Privacy and Data Security Officer. He is an expert on HIPAA Privacy and Security Rule regulations as well as HITECH and Omnibus regulatory updates. Drew’s recommendations are guided by his education in health administration and experience and leadership integrating privacy and security controls with health information technology infrastructure and applications, as well as treatment, payment, operations, and human subjects research workflows and processes.
We discuss some common myths (or points of confusion) surrounding HIPAA compliance requirements. Glossary: A myth is a widely held but false belief or idea. Links: HealthIT.gov Top 10 Myths of Security Risk Analysis; HealthIT.gov Guide to Privacy and Security of Electronic Health Information. Analysis Notes: Providers are not allowed to share information about a patient with others unless authorized by the patient to do so. False. Providers can share: with anyone the patient identifies as a caregiver; when the information is directly relevant to the involvement of spouse, family member, friends, or caregivers (Ebola, for example); when necessary to notify a caregiver about a change in condition or location of a patient (as long as the patient doesn't object); when in the best interest of the patient regardless of their ability to object or not. The security risk analysis is optional for small providers and business associates. False. Everyone is required to abide by the Security Rule, which specifically requires a security risk analysis. A checklist will suffice for the risk analysis requirement. False. Checklists are tools for doing the analysis and gathering your data, but they aren't enough to meet the risk analysis requirement. A Security Risk Analysis must include three main elements (according to OCR guidance): A. Identification of all PHI sources; B. Human, electronic and environmental threats to the PHI; C. Review of current security measures to protect the PHI from those
In this episode we discuss technology support requirements under HIPAA and why professional, HIPAA compliant IT services are an important part of managing your security compliance. The Security Rule has so many specific technical things to consider it really requires professional technology services to handle it properly. We discuss why that is needed and what to expect from a HIPAA Compliant IT company. Glossary: A managed service provider (MSP) is a third-party contractor that is under contract (usually a monthly fee) to provide ongoing technology support to other organizations. Links: FindHealthcareIT; HIPAAforMSPS.com; Kardon Compliance. Notes
MPT Podcast 47 - HIPAA Security Rule and the Impact of the Final Rule, with guest Mike Meikle of Hawkthorne Consulting Group. Mr. Meikle discusses the HIPAA Omnibus Rule and its effect on the Security Rule, and what it means for medical practices. This Issue (5:25): What is the HIPAA Security Rule? How has the HIPAA Final Rule changed the Security Rule? What is the best way to avoid non-compliance issues with the Security Rule?
This show (and the next few) will explore what documents you should be tracking within your organization to be HIPAA/HITECH compliant. The number of documents will likely surprise even experienced practitioners. We will take a methodical approach and walk through the documents required for the following: 1) the HIPAA Privacy Rule; 2) the HIPAA Security Rule; and 3) the HITECH Breach Notification Rule.
This show will conclude our exploration of what you should expect from an OCR audit. We will conclude our review of the HIPAA Security Rule and start reviewing what to expect from a HITECH Breach Notification inquiry.
This show will continue to explore what you should expect from an OCR audit. We will conclude our review of the HIPAA Privacy Rule and start reviewing what to expect from a HIPAA Security Rule audit. Contrary to popular belief, audits are not these mystical "gotcha" exercises, but rather a methodical walkthrough of the following: 1) the HIPAA Privacy Rule; 2) the HIPAA Security Rule; and 3) the HITECH Breach Notification Rule.
This show will continue to explore what you should expect from an OCR audit. Contrary to popular belief, audits are not these mystical "gotcha" exercises, but rather a methodical walkthrough of the following: 1) the HIPAA Privacy Rule; 2) the HIPAA Security Rule; and 3) the HITECH Breach Notification Rule. Auditors, by definition, have to deal with the "reality on the ground" which are the pertinent statutes and regulations. There are systematic ways to attack each of the Rules identified above and we will review those with our audience. We will also review strategies that can help you avoid a finding of "willful neglect."