
Check Your Cyber Pulse – Ep 423 

 September 8, 2023

By  Donna Grindle

In the digital age, cybersecurity has become a critical concern for businesses and individuals alike. Today, we review the latest release from 405(d), Check Your Cyber Pulse. This cybersecurity Cosmo quiz helps small organizations evaluate their cyber pulse regarding the 10 cybersecurity practices of HICP and decide where they should focus efforts to improve their cybersecurity behaviors.



Today’s Episode is brought to you by: Kardon and HIPAA for MSPs with Security First IT

 Subscribe on Apple Podcast. Share us on Social Media. Rate us wherever you find the opportunity. 

Great idea! Share Help Me With HIPAA with one person this week!

Learn about offerings from the Kardon Club and HIPAA for MSPs!

Thanks to our donors. We appreciate your support!

If you would like to donate to the cause you can do that at HelpMeWithHIPAA.com

Like us and leave a review on our Facebook page: www.Facebook.com/HelpMeWithHIPAA

If you see a couple of numbers on the left side you can click that and go directly to that part of the audio. Get the best of both worlds from the show notes to the audio and back!



HIPAA Briefs

[05:20] What are the requirements for patient medical records access?

  • 30 days with one chance to extend (recommend shoot for 15)
  • Not super hard for patient to request
  • In the format they request as long as it is possible for your environment
  • Charges only for the time taken to produce the records in the provided format.

HIPAA Say What!?!

[09:38] 45th Right of access case announced

  • Individual first requested a copy of their records from UHC on Jan 7, 2021
  • Complaint filed March 2021 because no records received.
  • The individual received the records in July 2021, after OCR initiated its investigation.

OCR’s investigation determined that UHC’s failure to provide timely access to the requested medical records was a potential violation of the HIPAA right of access provision.

UHC settled with OCR

UnitedHealthcare Pays $80,000 Settlement to HHS to Resolve HIPAA Matter over Patient Medical Records Request

They paid $80k and agreed to a one-year CAP.

UHC Resolution Agreement and CAP

Patients are getting smarter about this stuff. If your office hasn’t made that extra effort, now is probably your last chance.

Check Your Cyber Pulse

[16:13] New 405(d) resource specifically designed for small businesses:

Check Your Cyber Pulse – Basic Practices for Small Entities

What is it

Check Your Cyber Pulse is a quick reference for small organizations to review the 10 cybersecurity practices recommended by HICP and their sub-practices and evaluate their cyber pulse on each one. There is a page that is dedicated to each of the 10 practices. You can do them one at a time, working with IT, to understand where you are on each of the cybersecurity practices.

It doesn’t just ask “Do you have email protections in place?” It narrows down email protections and gives you three scenarios so that you can grade your organization on whether your protections are considered healthy, risky or very risky. You can learn more about cyber safety through the 405(d) Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP) publication.

[24:33] We check our cyber pulse on Basic Email Practices for Small Entities as an example.

Who should use it and how

[35:30] The Check Your Cyber Pulse reference is great for Compliance Officers, IT professionals and organization leadership folks to use. It’s not a technical guide that only IT professionals will understand. Those in leadership should be able to evaluate each cybersecurity practice and determine whether their pulse is healthy, risky or very risky. They can then work with their IT or MSP to start the conversation on how to move those risky and very risky sub-practices to a healthy state. And don’t forget to document these evaluations, along with the business decisions made and actions taken based on your evaluation. Sounds a lot like a Risk Analysis, doesn’t it?

This reference guide is a whole report card of security practices to look at and evaluate. And if you are going to adopt a Recognized Security Practices framework, this is a good one to use. It is recognized by HHS and OCR and can help you if you find yourself under investigation by OCR for a HIPAA violation. But, keep in mind, you have to have been following a Recognized Security Practices framework for 12 months prior to a security incident. So, start your clock now. Make sure documentation is in place so you can prove you are following a recognized framework.

Why we’re excited about it

[37:50] We are excited about all of the different ways the Check Your Cyber Pulse quick reference guide can be used. It’s educational and helps in decision making. It helps an organization weigh their options on where to focus their efforts to improve in areas that are found to be risky or very risky.

This is a great tool to use as an IT or MSP provider as well. MSPs can use it as a tool to explain how their services solve these problems. It can be a great conversation starter with clients to help them understand what services IT has covered and which ones aren’t covered.

Even if you are not a healthcare organization, this quick reference guide is a great tool for any small business to evaluate their basic cyber hygiene pulse.

Don’t leave the fate of your business to chance! Take a proactive stance in implementing appropriate cybersecurity measures. Do an honest evaluation of your cyber pulse using the 405(d) quick reference guide to enhance your cybersecurity practices and protect sensitive information effectively.

Remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps; we need your help to keep spreading the word. As always, send in your questions and ideas!

HIPAA is not about compliance, it’s about patient care.™

Special thanks to our sponsors Security First IT and Kardon.
