Help Me With Hipaa


Sinopse is a collaboration between Kardon Compliance founder, Donna Grindle, and founder, David Sims. Our mission is to share our Privacy and Security knowledge with those who are required to understand, implement, and manage the complex Privacy and Security requirements of HIPAA compliance.Our work with CEs and BAs inspired us to launch the service to provide information about the complex requirements of HIPAA in a relaxed manner without using too much legalese or geek speak. As the podcasts programs progress we will cover topics about that include sorting through the requirements as well as real world examples of the procedures used, both good and bad.Join us as we do our best to create a show where HIPAA and humor collide!


  • Is email evil? - Ep 326

    15/10/2021 Duração: 51min

    Email is a great tool for communication. It is quick, simple, and it has the potential to reach so many people in so little time. But, it can also be an easy way for hackers to get their hands on your personal information if you're not being careful. Phishing scams are one of the most popular ways that hackers use email as a tool to steal your information and cause data breaches.  Email is evil! More info at

  • IT and cybersecurity are not the same - Ep 325

    08/10/2021 Duração: 45min

    IT and cybersecurity services are not the same. If you are in the market to purchase managed services or security services from an IT firm, you’ll want to listen to this podcast to understand how they are different, why they are different and why you need to understand those differences to better protect your organization from cyber attacks. More info at

  • Insights for Customers of MSPs - CISA - Ep 324

    01/10/2021 Duração: 01h13min

    In a world where people are more dependent on technology but lack the expertise to manage their own networks and systems effectively and efficiently, they turn to Managed Service Providers (MSPs).  CISA has released a guide, Risk Considerations For Managed Service Provider Customers, that outlines risk considerations organizations need to consider when they partner with a MSP.  We will cover this in today’s episode and we are making a big announcement that you’ll want to hear. More info at

  • Consider 3 Ransomware Stories - Ep 323

    24/09/2021 Duração: 59min

    There are many challenges that come with preparing for and responding to a ransomware attack. Ransomware gangs are constantly changing their tactics in order to get to your organization's data. Therefore, as the ransomware landscape continues to evolve, so too must the preparations and responses of businesses. More info at

  • ASPR TRACIE - Readiness and Response Planning - Ep 322

    17/09/2021 Duração: 49min

    You know how we love to pass along guides and resources that can help you improve your organization's privacy and security programs.  Today, we are going to review a recent resource guide put out by HHS’ ASPR TRACIE office called Healthcare System Cybersecurity - Readiness and Response Considerations.  This guide is packed with very helpful tips, best practices, and resources surrounding cybersecurity and responding to cyber incidents.  And it’s FREE!  More info at

  • 7 HIPAA Facts - Ep 321

    10/09/2021 Duração: 01h02min

    Social media is full of people who speak “confidently” about topics that they simply do not fully understand.  HIPAA is one of those topics.  Today, we are covering 7 HIPAA facts that we hope will set the record straight about frequently misunderstood HIPAA topics. More at

  • Social Engineering Tricks with William Price - Ep 320

    03/09/2021 Duração: 53min

    Learn 'tricks of the trade' from a real social engineering tester. We interview William Price of  to learn how they are able to successfully penetrate a company's defenses and get access to their most critical information. How likely would your organization be vulnerable to these same methods? More info at

  • Don’t Be An ID10T! - Ep 319

    27/08/2021 Duração: 48min

    Have you ever heard tech folks refer to a computer problem as an ID10T error?  You probably thought it was some highly technical term geeks use.  Well, it’s not and today we are going to talk about a couple posts and articles where folks’ are flying their ID10T flag high and proud. And hopefully try to prevent you from making an ID10T error. More info at

  • 2021 #BeCyberSmart - Ep 318

    20/08/2021 Duração: 45min

    It’s that time of year again.  Time to start preparing for National Cybersecurity Awareness Month coming up in October.  Do Your Part. #BeCyberSmart is the theme again this year.  Be a Cybersecurity Awareness Month Champion for your business, your community and your family.  More info at

  • 6 Steps for Vendor Management - Ep 317

    13/08/2021 Duração: 40min

    Managing your vendors, or your supply chain, has become increasingly more important these days.  As we’ve seen in the news just in the last several months, data and system breaches can come as a result of the vendors you work with.  So, we felt like it was time to revisit this topic by reviewing the recent update to the HIC SCRiM guide that includes 6 steps for vendor management. More info at

  • 2021 Data Breach Cost Report - Ep 316

    06/08/2021 Duração: 36min

    Every year we cover the most recent report released on the cost of a data breach.  No surprise from this year’s report that the cost continues to rise. And healthcare breaches cost the most across all industries.  Listen in as we go through IBM’s Cost of Data Breach Report 2021. More info at

  • New Breach Notification Bill - Ep 315

    30/07/2021 Duração: 47min

    There’s a new data breach notification bill in Congress that will affect the business community as a whole, not just healthcare. It will create a new data breach disclosure requirement for federal agencies, federal contractors and critical infrastructure companies. It’s time to let folks know when breaches happen. We can’t protect ourselves from things we don’t know about. More info at

  • Cyber Sqwerl - Ep 314

    23/07/2021 Duração: 41min

    There is so much happening in the cyber world today that we couldn’t decide on just one topic to cover in this episode.  So, we will be jumping around and covering a lot of different cyber topics, hence the title of the podcast, Cyber Sqwerl. So, listen fast folks… we’ve got a lot to cover. More info at

  • MSPs Attacked Again - Ep 313

    16/07/2021 Duração: 49min

    Summertime, holidays and long weekends, where many of us are taking time off, are prime times for cyber attacks.  The bad guys are counting on people being in a hurry and letting their guard down so it’ll make it easier to suck you into their attack.  July 4th 2021 was no different.  An MSP was attacked by cyber criminals.  Although this is still an active incident, we will cover what we know in today’s podcast. More info at

  • Offshore or Not? - Ep 312

    09/07/2021 Duração: 40min

    Offshore services are a popular option for many businesses. The ability to work around the clock from different sides of the planet is one thing but the cost savings are the primary driving force for this solution. When it comes to HIPAA Business Associates, though, there are a lot of variables that must be considered when deciding whether to offshore or not. More at

  • SMB Security Best Bets - Ep 311

    02/07/2021 Duração: 46min

    Securing your business is not always the easiest thing to do nor the cheapest.  Today we will review a Cisco study on small and medium sized businesses and their security best bets. In other words, the things that you can do that will help you to most likely attain success and get you the most bang for your buck. More info at

  • DOL Cybersecurity Guidance - Ep 310

    25/06/2021 Duração: 01h04min

    The Department of Labor (DOL) Employee Benefits Security Administration (EBSA) issued its very first cybersecurity guidance in April 2021and they sound remarkably like all the things that we recommend doing under HIPAA, HICP and the NIST cybersecurity framework.  Let’s check it out! More info at

  • Is it really that bad? - Ep 309

    18/06/2021 Duração: 58min

    They say ignorance is bliss.  Ignorance can also leave you vulnerable to cyber attacks and patient safety issues. As we see news about cyber attacks coming from everywhere, you might ask “Is it really that bad?” Yes, yes it is. And it continues to get worse. More info at

  • Maturity Model Matters - Ep 308

    11/06/2021 Duração: 53min

    Privacy and security should be a part of all organizations day-to-day activity and company culture.  But how do you know how mature your privacy and security program really is? By using one of the many maturity models.  Today, we are discussing the new DoD Cybersecurity Maturity Model Certification (CMMC) that breaks controls into levels so you can see what implementation level or maturity level your program is at any given moment.   More info at

  • Peachstate Not A Peachy OCR Settlement - Ep 307

    04/06/2021 Duração: 52min

    It’s been a while since we’ve reviewed an OCR settlement that wasn’t about the patient right of access initiative. Things are a changin', and in more ways than one. OCR announced the Peachstate settlement just this week that got our attention.  How this case ended up being investigated in the first place is interesting. And as usual, the headline doesn’t tell the whole story.  So, let’s dive in and check it out.  More info at

página 1 de 17