
Help Me With PriSec – Ep 344 

 February 25, 2022

By  Donna Grindle

Kardon, Help Me With HIPAA and HIPAA for MSPs is hosting the first PriSec Boot Camp in Louisville, KY on Sep 12, 13, 14 and 15. This ain’t yo Momma’s privacy and security. It is a one of a kind event designed for those who need to understand and manage a privacy and security program. Listen to today’s podcast to learn all about it.


In this episode:


Today’s Episode is brought to you by:

Kardon

and

HIPAA for MSPs with Security First IT

 Subscribe on Apple Podcast. Share us on Social Media. Rate us wherever you find the opportunity. 

The Privacy and Security Boot Camp

3.5 day In Person Event

Sep 12, 13, 14 and 15

PriSecBootCamp.com

Great idea! Share Help Me With HIPAA with one person this week!

Learn about offerings from the Kardon Club

and HIPAA for MSPs!

Thanks to our donors. We appreciate your support!

If you would like to donate to the cause you can do that at HelpMeWithHIPAA.com

Like us and leave a review on our Facebook page: www.Facebook.com/HelpMeWithHIPAA



HIPAA Say What!?!

[01:35] A client contacted us recently with a situation where an employee was caught snooping in a medical record for which they had no TPO reason. The employee was fired. The patient was someone they knew in the community. The question our client had was about notifying the patient. It’s one thing to follow the HIPAA law in regards to how and when to notify the patient of this incident. But, in this case, you really want to get ahead of the “grapevine” and notify the patient before the news reaches them some other way and you have an upset patient.

So, this is a situation where we recommend you pick up the phone and call the patient. Yes, HIPAA says you’re supposed to notify the patient and do it in a certain way, but it also allows you to do it immediately, if you feel that there is a reason to do so. You will still follow the law and send the written letter too, but in a situation like this, don’t wait on the time it will take to write the letter and then for the patient to receive it in the mail.

Help Me With PriSec

[06:00] The Small Provider HIPAA blog is what I was doing when David showed up. Then… Help Me With HIPAA gave birth to The HIPAA Boot Camp, which is now giving birth to the PriSec Boot Camp. Why oh why are we doing such a thing?

We’ve said this many times before: if you are truly following the HIPAA Privacy and Security Rules, you are doing the bare minimum. HIPAA is the set of compliance rules you use to prove you are doing the bare minimum. But protecting patient data and company networks isn’t about HIPAA anymore. There are new FTC rules being released about protecting and securing consumer data. There’s also GDPR, CCPA, and every state is coming out with its own rules around the topic. Every organization in every industry, including healthcare, should have a well-defined privacy and security program.

For years, many compliance officers were trained the same as the rest of the workforce. Or they would get one of the “certifications,” and we know some are better than others. With that level of training, there is no way you can build and manage these programs.

While there are conferences around the topic of privacy and security, we wanted to create an intensive training event. Much like our HIPAA Boot Camp, we don’t just talk about the “why”; we dive into the “how”. Few things are more frustrating than someone telling you that you must do something but offering no direction on how to accomplish it.

The next logical step… the PriSec Boot Camp. What the heck is PriSec? Privacy and Security is too much to say so we have to do what is expected – shorten it to PriSec.

Like our HIPAA Boot Camps, the PriSec Boot Camp is geared towards making sure that everybody understands why privacy and security are important and how, from both a non-technical and a technical viewpoint, to get them done. So, we will be breaking out the “how” into two tracks – one for non-technical folks and one for the IT nerds.

As if you needed any more reasons why we are hosting the PriSec Boot Camp:

  • State laws covering privacy requirements and breach notifications continue to proliferate. Constant discussions surrounding privacy and security requirements in federal and state laws continue to be brought up as the solution to some of the ongoing problems with massive amounts of information being captured, stored, and processed every day. It’s not just about HIPAA anymore.
  • All types and sizes of organizations were just told by CISA to be worried about securing themselves against ongoing cyber attacks. But you also need to worry about your vendors. We will cover that.
  • Supply chain vetting is becoming a necessity for large companies, and it is filtering down to small companies every day without any legislation requiring it. We will be talking about that.

[23:41] The PriSec Boot Camp is structured with a theme for each day. Listen to the podcast to hear more about what each day’s theme covers, but here is a summary:

  • Monday – SCRiM Day. Supply chain risk management. Everybody needs to understand how the supply chain works. We will cover what BAs need to understand, what CEs need to understand, and who the parties outside the BA and CE relationship are that are now getting sucked into the fray.
  • Tuesday – Ya Got Prove It day. We will cover what kind of questions you will have to answer if you’re investigated by OCR, and what kind of questions people are having to answer as part of new business partnerships, their cyber insurance coverage, or a state attorney general inquiry. Also, we’ve seen cases where practices have a great new business opportunity where a company wants to bring you all these patients, but you’ve got to prove to them that you’re doing all these things first or they are going to hold off until you can prove it.
  • Wednesday – Risky Business day. We will be discussing business risk management and have a panel discussion about a real cyber attack with the CEO from the business, the forensics people, the IT team, Donna as the Breach Coach, PR people, etc. You really don’t know what a cyber attack entails until you experience one. Of course, we’ll also talk about why you do a security risk analysis, how to do risk management training, and how to get your IT to help. We’ll cover lots of other topics around the concepts of risk management.
  • Thursday – Murphy’s Law day. If something can go wrong, it will and you must be prepared for it. We are hoping to have a ransomware tabletop exercise and review all the different roles involved in an attack like this. We will also discuss creating a culture of compliance by having the proper leadership at administrative levels as well as technical levels. And then to close everything out, we will help you create action plans of things to do when you are back in the office to start building or improving your privacy and security programs.

Many different roles are now required to understand this stuff, and it isn’t going to become less of a concern or requirement by any means. Everyone needs to understand it at some level, but those responsible for managing businesses, IT support, network decisions, data protection, and uses and disclosures need to understand the bigger picture to make the proper decisions.

The PriSec Boot Camp is not a conference. It is a specialized, intense training specifically designed for those who need to understand, design and manage a formal privacy and security program. It will give you the “why” it is important followed by “how” to use that information in your business and your roles within it.

We are going to explain why it needs to be more about PriSec than just HIPAA.

The world is changing and the need for security and privacy is more important than ever! That’s why we created the PriSec Boot Camp. We have limited seating and we expect it to sell out quickly. So, get in on it now. We have early bird pricing happening right now. Again, it will be held at the Hyatt Regency in Louisville, KY on Sep 12-15. See ya there folks!

Remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps, we need your help to keep spreading the word. As always, send in your questions and ideas!

HIPAA is not about compliance, it’s about patient care.™

Special thanks to our sponsors Security First IT and Kardon.
