
Free Training Tools 2022 – Ep 368 

 August 12, 2022

By  Donna Grindle

It’s that time again folks! October is Cybersecurity Awareness Month. This year’s theme is “It’s easy to stay safe online” with a weekly focus on key behaviors to help protect your important data. Using these free training tools and practicing basic cybersecurity behaviors, you are much more likely to stay safe online.



Today’s Episode is brought to you by:

Kardon

and

HIPAA for MSPs with Security First IT


If you see a couple of numbers on the left side you can click that and go directly to that part of the audio. Get the best of both worlds from the show notes to the audio and back!


HIPAA Say What!?!

[03:53] After seeing those 11 cases get dropped in a pile a couple of weeks ago, we have had some increased discussions about how to double check and triple check you are doing the right thing. How do you audit your patient right of access policies and procedures?

First, pick a week from more than 30 days ago and pull all the release of information requests that came in that week and all that were supplied that week, so that you can make sure your timelines are being met. You’ll want to have all the inbound and outbound communication and documentation surrounding them. Follow the inbound requests forward to see how they were completed, and track the outbound requests backwards to see if everything was done properly on those.

Here are a few questions you should ask yourself, and collect data on, to determine these answers and any others your policies and procedures address for patient right of access.

  • Was it complicated for the patient to make their requests?
  • Did it take more than one request for them to get what they wanted?
  • How did you verify those requests were legit from the patient or a personal representative?
  • If you charged the patient for providing the records, audit the amount charged to confirm it only covers costs allowed and you can document clearly those are acceptable fees.
  • Were records requested in a form or format that you couldn’t provide? If so, is it acceptable to deny those requests? What was supplied in place of the requested form or format?
  • Is the staff aware of your timetable for responding to requests within 15 days, 30 days, etc.?
  • Did the patients receive exactly what they asked for?
  • Document number of days between when the requests were made and when you sent the records to the patient.

Once you collect the data you can then start tracking your progress over the year. Pick one or two weeks each year to audit.

405(d) Tip of the Week

[07:20] The HHS 405(d) Task Group has been hard at work creating new content and tools that should be released in the last half of 2022. Never can make promises, but there are great expectations for several pieces of content to be finalized for release. Once we know for sure what will be released and when, we will do a whole episode on how to use them to augment what we are covering today.

Free Training Tools

[09:04] Each year we participate as a Cybersecurity Awareness Month Champion. Every year there are freely available tools for training and promoting cybersecurity safety for both business and home users. 2022 is no different. We encourage you to become a Champion and use the tools yourself and with anyone else in your orbit. There are many ways anyone can participate in building CSAM awareness, so go check it out.

In previous years there was a theme for the month and one specific for each week. The overall theme is “It’s easy to stay safe online”. Instead of a weekly theme, though, there are 4 behaviors that we should all adopt to improve our online safety. What are the 4 things, you may ask? Conveniently, they are things that would be perfect to implement and feature in October, I believe anyway.

  1. Enabling multi-factor authentication
  2. Using strong passwords and a password manager
  3. Updating software
  4. Recognizing and reporting phishing

Let’s go through them and discuss some ideas why and how to use the promotional collateral and events for October to help you use the free training tools they are providing you.

Enabling multi-factor authentication

[11:17] If you haven’t been pushing multi-factor authentication, now is the time to push it with the focus materials that will be released for Champions. While this used to be the one thing that you could feel ahead of the pack on vs those who did not like to change passwords, it is no longer just a luxury. Some form of MFA must be implemented for anything containing sensitive information.

As the details firm up there will be webinars, emails, articles, and more that will provide the explanation you can use to encourage further implementation of MFA at least for the most important items such as email, accounts with higher privileges, etc.

The 405(d) website already has some info available. Have You Heard About Multi-Factor Authentication (MFA)?

Shoot for teaching staff to use MFA whenever possible just to make sure they understand how not to get tricked into giving up their MFA codes. Yep, the next frontier.

Using strong passwords and a password manager

[18:55] We talk about strong passwords and changing passwords all the time. However, I don’t know how anyone is able to do it without using a password manager of some sort. Let’s make that part of the conversation about passwords every time we go down the path from now on.

Tips for Passwords from Cybersecurity Alliance

Let’s talk about secure passwords first. Your password is much stronger if you don’t use the old school idea about all the numbers, letters, upper lower, special characters, etc. So many password strength tools still look for those rules but you can still get an easy one to remember that is very strong without so much madness.

For example: alwaysremember2buyMILKonMonday!

It would take a computer about 23 duodecillion (23 followed by 39 zeros) years to crack your password.

If you have a complex password like that one which you use to log into your password manager using MFA also, of course, you can have passwords that you never have to remember. Please put all the precautions in place to recover your password manager including emergency contacts access. Note, there are ways to do this and you should do it immediately, not later, after you have lost your password or your MFA device.

Encourage your staff to use password managers personally and have one to use for work. LastPass is what we use so we can talk specifically about it. No, we are not affiliated with them in any way.

Updating software

[29:46] We recently shared a new 405(d) publication on keeping software up to date. This can tie in perfectly with teaching the importance of software updates for everything you have: IoT, routers, mobile devices, as well as laptops and servers.

New 405(d) Awareness Product – How to Implement Patching

There are three “How-to” resources (one for small, one for medium, and one for large organizations) so that you can start protecting your patients from cyber threats right now!

Small Organizations

Medium Organizations

Large Organizations

Recognizing and reporting phishing

[33:53] It is important not only to recognize phishing; adding in the step of reporting it will help stop its proliferation.

Here is a great article from the National Cybersecurity Alliance on recognizing phishing emails and tips on what to do when you spot one.

When criminals go phishing, you don’t have to take the bait

Do not click on any links (even the unsubscribe link) or reply back to the email and JUST DELETE IT. You can take your protection a step further and block the sending address from your email program, too.

We are coming up on Cyber Security Awareness Month. Become a Champion and check out all of the email examples, articles, social media blurbs, graphics and posters you can use to create a campaign in your office, at home or in your community. And it’s FREE! But don’t just do your training only in October. Remember, you are trying to create a culture of privacy and security, and you can’t create a culture of anything if you’re doing it once a year.

Remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps, we need your help to keep spreading the word. As always, send in your questions and ideas!

HIPAA is not about compliance,

it’s about patient care.TM

Special thanks to our sponsors Security First IT and Kardon.
