Help Me With Hipaa


Sinopse is a collaboration between Kardon Compliance founder, Donna Grindle, and founder, David Sims. Our mission is to share our Privacy and Security knowledge with those who are required to understand, implement, and manage the complex Privacy and Security requirements of HIPAA compliance.Our work with CEs and BAs inspired us to launch the service to provide information about the complex requirements of HIPAA in a relaxed manner without using too much legalese or geek speak. As the podcasts programs progress we will cover topics about that include sorting through the requirements as well as real world examples of the procedures used, both good and bad.Join us as we do our best to create a show where HIPAA and humor collide!


  • Time for mandatory MFA? - Ep 458

    17/05/2024 Duração: 48min

    After the big cyberattack on Change Healthcare, there’s a hot debate about making Multi-Factor Authentication (MFA) a must-have for all public access points. With Congress getting involved and experts pushing for tougher security, it’s clear that better safeguards are needed to keep our healthcare data safe. This shift towards mandatory security measures shows just how serious cyber threats have become. More info at

  • Who pays for breach notifications? - Ep 457

    10/05/2024 Duração: 56min

    Who's on the hook for breach notifications in healthcare? Recent cybersecurity incidents like the massive Change Healthcare data breach have left providers scrambling and seeking clarity. The tangled relationships between Covered Entities and Business Associates make it tricky to figure out who's liable, especially when cyber incidents ripple down the vendor chain. This raises big questions about the contents of Business Associate Agreements and clarifications on who's responsible for what, ensuring everyone's ready when a data breach hits. More info at

  • Change is Gonna Make Change Happen - Ep 456

    03/05/2024 Duração: 01h02min

    The U.S. healthcare sector is facing significant changes with new HIPAA rules boosting privacy protections, particularly for reproductive health. At the same time, the industry is tackling serious cybersecurity issues highlighted by a major ransomware attack on Change Healthcare. This dual focus on strengthening legal compliance and enhancing data security underscores the urgency of protecting patient information and maintaining trust in healthcare systems. More info at

  • AI Plus Small Business Cybersecurity - Ep 455

    26/04/2024 Duração: 57min

    In the world of cybersecurity, small businesses have their own set of unique challenges. As AI technology becomes more common, using AI in cybersecurity sounds promising, but it's crucial to handle it wisely to avoid new risks. These tools are powerful, but they need to be used carefully because they can also open up new kinds of cyber threats. Small businesses need to build a strong culture of security, making sure everyone is up to speed and constantly testing their defenses against attacks. It's also vital for them to keep their security practices flexible to stay ahead of new threats and tech developments. More info at

  • Attackers Enjoy Sweet Fruit of Patience - Ep 454

    19/04/2024 Duração: 50min

    Aristotle once said, “Patience is bitter, but its fruit is sweet.” That's totally spot on when you think about cybersecurity threats and how sneaky cybercriminals can be. These attackers plant their harmful seeds and just hang back, waiting for the right time to take advantage of old weaknesses. Their patience and careful planning mean they can strike effectively, sometimes after years of waiting, showing just how tricky it is to handle digital security. It really highlights why we need to be on our toes all the time, with solid and forward-thinking security measures to guard our sensitive info from these crafty threats. More info at

  • Learning From The MGM Hack - Ep 453

    12/04/2024 Duração: 57min

    One Friday night in September last year, a massive hack at the MGM Grand caused quite a stir in Las Vegas. Cybercriminals used tricky tactics to slip through the cracks, infiltrating the network, and disrupting services at the hotel and casino. It's a wake-up call for everyone to step up their security game and stay one step ahead in this fast-changing world of cyber threats. More info at

  • Mitigate MSP Risks - Ep 452

    05/04/2024 Duração: 57min

    MSPs are like the backstage crew for your business's IT show, handling everything from network management to cybersecurity. But here's the kicker: while they're busy protecting you, they've got to make sure they're not accidentally opening the back door for trouble with their own tools and business practices in the process of delivering their services. Security is a shared responsibility. More info at

  • Vendors Surprised By Vetting - Ep 451

    29/03/2024 Duração: 01h01min

    In an increasingly interconnected and data-driven world, the importance of rigorous vendor vetting cannot be overstressed. Vendors ticking a box saying that they use a framework for data security and compliance isn’t enough anymore. It is a critical due diligence process that helps clients build secure, compliant, and mutually beneficial business relationships, minimizing risks and enhancing overall business performance. And with the recent Change Healthcare attack, vendors can expect to receive more rigorous questionnaires from their clients and the heightened expectations for transparency and accountability in handling sensitive information. More info at

  • Change HC Attack, What The... - Ep 450

    22/03/2024 Duração: 48min

    As Change Healthcare ransomware attack unfolds, concerns are escalating regarding patient care and safety, pushing the Healthcare Sector Coordinating Council's (HSCC) 5 Year Strategic Plan into the spotlight. Donna and David talk with Gary Salman, CEO of Black Talon Security, on the ongoing situation, what is known and unknown, and its potential long-term effects. With the attack exacerbating issues within the healthcare system and highlighting the urgent need for robust cybersecurity measures, we explore the implications for patient data, the healthcare industry's response, and what this means for the future of healthcare security. More info at

  • HIPAA Summit Review 2024 - Ep 449

    15/03/2024 Duração: 01h02min

    For more than a decade, Donna has immersed herself in the plethora of sessions from the National HIPAA Summit, extracting a wealth of insights into the present and future landscape of HIPAA. Today, she will impart her top three takeaways from this year’s Summit, essential knowledge for navigating the road ahead. Buckle up folks, because these insights are far from trivial. More info at

  • Critical to Stable Condition in 5 Years - Ep 448

    08/03/2024 Duração: 01h01min

    Healthcare is inherently about trust; trust between patients and providers, trust in the efficacy of treatments, and increasingly, trust in the technology that underpins modern medicine. However, this trust is under siege by an evolving landscape of cyber threats. Today, we tackle the critical status of healthcare cybersecurity and the concerted effort the Health Sector Coordinating Council Cybersecurity Working Group has developed to transition the industry to a stable posture over the next five years. More info at

  • NIST, Moobot, Ransomware AI Impact - Ep 447

    01/03/2024 Duração: 01h03min

    The rapid advancement of AI could soon eclipse our understanding, with its capability to predict and even manipulate human behavior. Today, we will dive into how AI is reshaping our understanding and preparedness for the digital threats lurking around the corner. Plus, NIST just released guidance that can be used to help improve the healthcare sector’s cybersecurity posture and assist with achieving compliance with the HIPAA Security Rule. More info at

  • Insider Breach Gets Huge OCR Settlement - Ep 446

    23/02/2024 Duração: 44min

    OCR recently announced a jaw-dropping settlement that should have every healthcare professional on high alert. An insider breach that had staggering repercussions, leading to a monumental $4,750,000 settlement and a two year CAP. HHS has also released new cybersecurity resources and guidance and more is to come. There is no excuse anymore folks. Cybersecurity is everyone’s responsibility and OCR’s enforcement of privacy and security failures is picking up. More info at

  • Cyber Insurance Trends with John Miller - Ep 445

    16/02/2024 Duração: 56min

    Imagine your cybersecurity measures as the immune system of your body. Just like our bodies are constantly exposed to germs and viruses, your business is exposed to a barrage of cyber threats. Cyber insurance is like health insurance for your company's digital health. We are joined today by John Miller of Sterling Seacrest Pritchard, exploring the crucial intersections of healthcare, cyber coverage, and the corporate responsibility of protecting sensitive data. More info at

  • New HPH Sector Cyber Performance Goals Released - Ep 444

    09/02/2024 Duração: 01h03min

    HHS has adapted CISA’s Cybersecurity Performance Goals, released in March 2023, for healthcare entities to better protect those in the healthcare sector from cyberattacks. These voluntary goals aim to strengthen cyber preparedness, improve cyber resiliency, and protect patient health information and safety. In this episode, we will review the HPH CPGs as they will be the basis of the proposed HIPAA Security Rule changes slated to be released later this year. More info at

  • Small Business Cybersecurity 2024 - Ep 443

    02/02/2024 Duração: 50min

    It’s no secret that small businesses face challenges in understanding and keeping up with the rapidly changing cyber threat landscape. Today we’ll discuss some of those challenges and review new free resources from NIST and CISA coming out in 2024 that can help SMBs manage and improve their cybersecurity programs. Buckle up, it’s going to be a busy year. More info at

  • New NY State AG HIPAA Enforcement - Ep 442

    26/01/2024 Duração: 57min

    We all know that OCR is the HHS department that oversees and enforces HIPAA to ensure the protection of individuals' healthcare information.  However, more and more states around the country are also making efforts to protect their constituents’ personal information and hold companies accountable for their poor data security practices. Today, we discuss recent HIPAA enforcement actions taken on businesses by the NY State Attorney General’s Office. More info at

  • Ban Ransomware Payments? - Ep 441

    19/01/2024 Duração: 48min

    The number of ransomware attacks impacting critical services, compromising personal information and attackers requesting higher and higher ransoms continue to rise. Today, we discuss this pressing issue, implications of ransomware attacks, the ethical considerations of paying ransoms, and the urgent need for preventative measures.  More info at

  • Privacy Week Coming Soon - Ep 440

    12/01/2024 Duração: 48min

    In today’s world, it's essential to recognize the importance of safeguarding your personal information. From the moment you wake up and check your smartphone to the minute you stream your favorite show or make an online purchase, your every digital move leaves a trail of data breadcrumbs. But, you have the power to take charge of your data privacy. You can start by taking part in Data Privacy Week, sponsored by the National Cybersecurity Alliance.  More info at

  • Recap 2023 Predictions 2024 - Ep 439

    05/01/2024 Duração: 47min

    It’s time to recap Donna and David’s 2023 HIPAA and cybersecurity predictions and hear what their crystal ball says about what to look out for in 2024. And, since AI exploded in 2023, we asked ChatGPT for predictions for 2024 too. More info at

página 1 de 24