More HIPAA COVID examples, another OCR action announced, and it is the last week of Cybersecurity Awareness Month. Time to get informed and #BeCyberSmart about connected devices.

In this episode:

Right of Access Round 9 + Connected Devices – Ep 277

HIPAA Say What!?!

Ezekiel Elliott tested positive for coronavirus and thinks someone violated HIPAA

Interesting story. NFL player tweets “HIPAA??” after COVID status leaked. I know you guys touch on topics like this often on the podcast.  Sent by Jonathan Newsome

Right of Access Round 9

[08:46] Can you believe it!?! Another resolution agreement over patient right of access. HIPAA clearly “Say” you better get your patient access to records in line with the rules. This is the first time I have seen them take something specifically and call out an enforcement initiative that turns into this many settlements.

NY Spine Medicine is the 9th case since the initiative was announced last March. When you consider COVID hit before they had a whole year to gear up, this is definitely intended to get your attention. Hello! Pay attention to these announcements people. They will continue to enforce this strictly until the industry starts to make changes.

On July 22, 2019, OCR received a complaint against NYSM from a patient (“Complainant”). Complainant alleged that she requested access to her protected health information (PHI) numerous times beginning on June 10, 2019, to include a written request via certified mail received by NYSM on June 26, 2019 and had not been provided access to her requested PHI the date of her complaint. To date, she has not received X-ray, MRI and CT scan images she specifically requested.

So, what happened is they gave her what they thought was enough, I guess. NY Spine provided some of the records, but did not provide the diagnostic films that the individual specifically requested.

OCR sent correspondence to NYSM on October 9, 2019 informing NYSM of the allegations, OCR’s authority to investigate, and provided a Data Request requiring a response within 14 days. On January 10, 2020, OCR sent similar additional correspondence via certified mail. This was received by NYSM on January 13, 2020.

OCR further attempted to contact NYSM via telephone at its New York, NY Office on December 26, 2019 and January 24, 2020 and left messages with NYSM’s answering service, and attempted to contact NYSM’s Miami Beach, FL office on March 6, 2020 and left a similar message. OCR received a phone call from NYSM on March 6, 2020 from an individual in NYSM’s records department, who was informed of OCR’s correspondence and NYSM’s obligation to cooperate.

As a result of OCR’s investigation, the complainant received all of the requested medical records in October 2020.

What the what?!? If OCR had to work that hard no wonder the patient struggled.

The press release says:

“No one should have to wait over a year to get copies of their medical records.  HIPAA entitles patients to timely access to their records and we will continue our stepped up enforcement of the right of access until covered entities get the message,” said Roger Severino, OCR Director.

This reminded me of that poster you used to see around offices – floggings will continue until morale improves.

It looks like it is another one that is lucky this is what brought them in and they are focused on this right now. They agreed to $100k and a 2 year CAP.  But…. One of their CAP requirements… name a Privacy Officer.

These folks better get things in line or it will not be pretty on the return visit from OCR.

The Future Of Connected Devices

[21:11] We made it to the last week of Cybersecurity Awareness Month. If you haven’t had a chance to check out some of the resources, plan to do it soon. Hopefully, our reminders have been helpful to some of you. The final week is about just how connected we are today and where we are going to be soon.

Tip Sheets

DHS NCSAM 2020 – Internet of Things


Both of these are short and sweet to get your attention about all the things connected to networks today and where we are headed. I am a big fan of the why do I care element of training. The IoT one has a great section on that.

Why Should We Care?

• Cars, appliances, fitness trackers and other wearables, lighting, healthcare, home security, and more all contain sensing devices that can talk to another machine and trigger other actions. Examples include devices that direct your car to an open spot in a parking lot; mechanisms that control energy use in your home; and tools that track eating, sleeping, and exercise habits.

• New Internet-connected devices provide a level of convenience in our lives, but they require that we share more information than ever.

• The security of this information, and the security of these devices, is not always guaranteed. Once your device connects to the Internet, you and your device could potentially be vulnerable to all sorts of risks.

• With more connected “things” entering our homes and our workplaces each day, it is important that everyone knows how to secure their digital lives.

Excited about 5G with all the hype?

Just like all new tech, you should take some time to analyze the risks that implementation of the new protocol may bring with it.

Overview of Risks Introduced by 5G Adoption in the United States

Crack the hack event

I have to admit this one seems very interesting. I hope to fit in the time to do it. Someone needs to do it in your organization for sure.

Crack the Hack

From October 26-30, you’ll compete in a week long cyber awareness training challenge where you will learn to think like a hacker. You do not need to be a cybersecurity expert to join!

During Crack The Hack, you’ll take part in the investigation of a compromise where you’ll be given clues to solve along the way. Your objective is to stop the compromise from spreading before it’s too late.

The pace is pretty swift with OCR resolutions. If you aren’t paying attention to what they are saying you may be one of the ones we have to discuss. Get your plans in place and make sure your staff knows patient care comes first. Especially with the latest right of access failures it seems everyone doesn’t see it that way.

HIPAA is not about compliance,

it’s about patient care.™

Special thanks to our sponsors Security First IT and Kardon.