There is a lot of confusion along the way, as there always will be in a crisis like this one. We are going to share some of the good information and do our best to clear up some of the misinformation. No matter what, though, it could all change in the two short weeks between when we record this and when we publish it for you guys. Our plan is to provide as much solid information as we can that we know to be true and accurate today.



In this episode:

Crisis HIPAA Updates – Ep 249

The HIPAA Boot Camp

2020 Session Dates

August 18, 19, 20

Tucker, GA

2020 Fall Session Dates

Sept 15, 16, 17

San Pedro, CA



Share Help Me With HIPAA with one person this week!

Thanks to our donors.  We appreciate your support!


Thank you for taking the time to review us.  The more 5 star reviews we can get the easier it is for people to find us and grow our listener base.

Apple App reviews

01/29/2020 – Apple review

Help Me with HIPAA

I am addicted. Not only are Donna and David full of it – relevant and updated information that is… They are down to earth people. I have yet to listen to an episode without learning something new, which is why I enjoy listening to the episodes over and over.

And of course, great information aside, if you enjoy laughing, this is the place to be. Yep. These two are a hoot!


Crisis HIPAA Updates

Some of the info we have here is general information, and some of it is tips we share for working from home. Finally, there are links to some very helpful information from free sources we reference a good bit.

Working from home

The team here at Kardon isn’t really functioning differently. We work at home and have always done so. We saw a post on the Nextdoor app where a person was telling people that they shouldn’t work in their yards because their neighbors were trying to work in the middle of the day. HA! We would have a horribly ugly neighborhood if we expected a rule that there were no lawn mowers, blowers, trucks, etc. running during the day. That is just a part of how it works. Use headphones; it really helps.

David has spent enough time working from home amongst his family compound to experience all kinds of fun realities of life. Trash pickup every Friday morning is just one example.

No matter how many times you explain to people that just because you are at home doesn’t mean you are hanging out just waiting for someone to call and chat, they may not get it. Set hours and try to inform your friends and family that you have work hours just like normal. They can call if they really need something. Otherwise, it can wait until you have finished work.

It is tougher now than usual, I do admit.  But, we have to find a way to do this so it works for everyone.  Good luck as you sort out the day to day challenges like how often do you really need to shower?

Some of the misinformation out there

There are so many people working from home just full of information to share that I can’t even keep track of all of the articles and opinions coming out.   A few got our attention because people are talking about HIPAA as if they understand it.

Op Ed

This one, “HIPAA wasn’t meant to handle a pandemic” by Susan Estrich, published March 22, 2020 in the Boston Herald, is especially challenging for us. David spotted it and immediately had to share it.

The argument in this article is that HIPAA “is leaving us vulnerable to COVID-19 carriers who don’t tell us their names”.  The concern assumes that people are out wandering around knowing they have the virus and HIPAA is preventing doctors from publishing their names.

Let’s get one thing clear.  HIPAA does not prevent doctors from reporting information to public health authorities.  Especially in this kind of crisis, every positive test is reported to public health unless they are so overwhelmed they can’t keep up with reports.

This article seems to posit that individuals opt in or out of HIPAA.  HIPAA has absolutely nothing to do with what individuals choose to share or not share about their healthcare.  This argument has nothing to do with HIPAA; it has to do with personal choice because any person tested is free to tell anyone they want to about it.

The testing issues mean that the person standing next to you seems fine and has no clue they are infected and sharing it.

Ransomware attackers have promised not to attack

LMAO – this one is so funny it is sad.  When Bleeping Computer interviewed the gangs, they responded… well sort of.  That article was posted March 18.  There were probably people hit that night.  There were certainly ones hit within days.

There are so many phishing campaigns about coronavirus and COVID-19 right now that it is impossible to know how many different gangs are using them to get a foothold. The Netwalker group said they don’t target healthcare, but if a healthcare organization does get hit, it still has to pay. Ryuk is apparently running a successful campaign right now with Trickbot.

The bottom line… now is the time they will attempt to hit for certain.  They assume you will have no choice other than to pay up.  If you don’t pay up then there is the other problem.  Even more ransomware gangs are now setting up sites to post data from those who do not pay.

We continue to see phishing campaigns, ransomware, and other malware being distributed using this crisis as the hook to fool users into clicking. Many people are urging the attackers to let up on healthcare if they can’t leave others alone. It remains to be seen if that will change. There is no way I would recommend this as the time to assume you can let down your guard at all.

Breaking down and explaining the OCR announcement

At least we can discuss the ones that are pertinent to us here at HMWH!

Back in February, OCR released guidance reminding entities what the rules for this kind of situation are under HIPAA. “Bulletin: HIPAA Privacy and Novel Coronavirus” explains that you can protect others if you feel there is danger, notify public health, and do investigations of contacts under HIPAA as is, without special paperwork. Otherwise, it should be business as normal, where TPO (treatment, payment, and health care operations) is the only reason to share.

In March came the “Limited Waiver of HIPAA Sanctions and Penalties During a Nationwide Public Health Emergency”, which activated the standard paperwork waivers built into the HIPAA law for public health emergencies and natural disasters. This allows you to talk to family members without paperwork and skip the NPP plus directory opt outs, etc.

Last week we mentioned that they had opened up rules for telemedicine applications a bit. After that announcement they had to clarify it even further with another announcement. “OCR Issues Guidance on Telehealth Remote Communications Following Its Notification of Enforcement Discretion” came out to attempt to clear things up a bit.

I really liked the summary done by JDSupra on the guidance.  The bottom line is we still do not recommend using apps that do not meet HIPAA requirements as a first choice.  There are plenty of ways to do it right but patient care does come first.  If all you have is the option for FaceTime or Skype then use it.

[Image]

Can’t tell you how much I loved seeing this one.  Certainly not the first one of these statements I have seen in the last couple of weeks.  We have a lot to do just keeping things moving in the right direction because we keep hearing these kinds of statements which are just not true.  Thanks to @Boodahpest69 for taking the time to ask us before believing it.

Yes, I responded on Twitter.

Some helpful guides that have been released

NIST Information Technology Laboratory (ITL) Bulletin: Security for Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Solutions has a very nice summary of information from the special publication with the same name.  I found this to be a very good summary of details in SP 800-46 Revision 2.  This will be handy to use as a quick reference moving forward.

CyberSecure My Business has some great information available, as always, and they have several good webinars you may find useful. They have other tools in their resources, like Security Tips for Remote Workers. The joint event with the BBB, including the Digital Spring Cleaning Checklist 2020, is worth checking out for several reasons. First, the pug in the ad is hilarious, and second, if you are at home anyway, spring clean your digital life.

This is a really tough time for everyone.  Stay safe, stay well, and hang in there.  We promise to do our best to inform you as best we can.  Reach out and let us know if you have any questions or problems we can help you handle.

Remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps; we need your help to keep spreading the word. As always, send in your questions and ideas!

HIPAA is not about compliance,

it’s about patient care.™

Special thanks to our sponsors Security First IT and Kardon.