David admits that as a kid he would dumpster dive for "treasures" people threw away. We've heard more than once of clients who have gone dumpster diving to retrieve documents containing PHI that were mistakenly thrown away in the regular trash. But, a recent OCR announcement highlights one dermatology group that had quite the trashy privacy violation.

More info at HelpMeWithHIPAA.com/372

Should we be questioning other people and vendors we work with about the trust we should have in them? The answer is yes. Are they protecting and securing the patient data we entrust them with? Trust, but verify is something we talk about a lot. So, I ask you… should you be trusted? And can you prove it?

More info at HelpMeWithHIPAA.com/371

Privacy laws are being passed in more and more states every year. Even non-healthcare businesses are finding they must follow privacy laws in the states they do business in. Conducting a privacy assessment is a great way to understand what data you have that needs protecting, what things can go wrong and then, of those things that can go wrong, which ones we can try to prevent.

More info at HelpMeWithHIPAA.com/370

In order to protect PHI, you have to know where it is stored and how it comes in, goes out and moves around your organization. This includes marketing analytic tools used on websites and patient portals. They could be transmitting PHI to social media platforms. Very unnerving, right?

More info at HelpMeWithHIPAA.com/369

It's that time again folks! October is Cybersecurity Awareness Month. This year's theme is "It's easy to stay safe online" with a weekly focus on key behaviors to help protect your important data. Using these free training tools and practicing basic cybersecurity behaviors, you are much more likely to stay safe online.

More info at HelpMeWithHIPAA.com/368

An updated version of the security rule guide that we've all been waiting for! NIST has developed a cybersecurity resource guide on implementing the HIPAA Security Rule. It provides key activities, descriptions and sample questions to help covered entities and business associates comply with the HIPAA Security Rule. This guide has tons of good information in it. So, listen in as we discuss some of the cool stuff we picked out.

More info at HelpMeWithHIPAA.com/367

OCR recently announced the resolution of 12 investigations. Eleven were for patient right of access violations and one was a big dollar settlement of a security incident at Oklahoma State University Center for Health Services. Lots to cover and learn in this episode. So, pay attention, folks.

More info at HelpMeWithHIPAA.com/366

Today's podcast episode is all about why we worry about supply chain issues, why we keep talking about the HiC SCRiM guidance, and why the first day of the PriSec Boot Camp is supply chain risk management. We'll review several supply chain breaches, one where there were 660 providers hit at once. As you probably have guessed, these breaches involved ransomware attacks.

More info at HelpMeWithHIPAA.com/365

It can be a stressful time when you are adding a new vendor or switching vendors for your critical services. This is the time to create a plan and do a risk analysis to make sure everything gets transitioned and set up properly. Things can go wrong if there's no plan in place. Today, we review some tips to help you prepare for a vendor transition.

More info at HelpMeWithHIPAA.com/364

When you're shopping for cybersecurity insurance, the applications can be intense. You'll need to provide a lot of details about your current security protections, and you may be asked to complete a security audit. This is because insurance companies want to be sure that they're not insuring businesses that aren't doing everything they can to protect themselves from cyber attacks. This episode we discuss what questions you may encounter on your cyber insurance applications.