Donna Grindle and David Sims

Help Me With HIPAA

Business EN ↓ 586 episodes

In today's environment of data breaches, identity theft, fraud, and increasing connectivity, HIPAA Privacy and Security rules are a responsibility to your patients and your clients. HIPAA isn't about compliance, it's about patient care.

Author

Donna Grindle and David Sims

Category

Business

Podcast website

helpmewithhipaa.com

Latest episode

Jul 10, 2026

Where to listen?

Podcasts in the app Replaio Radio Coming soon

Podcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts

Get it on Google Play Install for free Android 5M+ downloads · 4.8 rating iOS soon

Episodes

5 Costly Cybersecurity Assumptions - Ep 568 10.07.2026

If you've ever caught yourself saying, "We're too small to be hacked," or "That's why we have cyber insurance," you might want to keep reading. This episode shines a spotlight on five cybersecurity assumptions that seem perfectly reasonable – right up until they cost you time, money, or your sanity. From misplaced confidence in vendors to the myth that restoring your systems means the crisis is ov...

Lava Lamps, Gag Gifts, and HIPAA - Ep 567 03.07.2026

What do lava lamps, whoopee cushions, and HIPAA have in common? More than you'd think! This week, a familiar mall retailer famous for gag gifts and lava lamps finds itself at the center of an OCR enforcement action that highlights a common misconception about employer-sponsored health plans. Along the way, you'll learn why "we've never had a problem before" isn't a cybersecurity strategy, how self...

Use Your Free OCR Consulting - Ep 566 26.06.2026

Ever wish you could get expert HIPAA advice straight from the source – without the invoice? This episode digs into a little-known offering: the "free consulting" that the Office for Civil Rights (OCR) actually gives out, if you know where to look. We break down the seven biggest lessons buried in official OCR videos and settlement guidance, covering everything from keeping tabs on your inventory (...

Managing AI Before It Manages You - The HSCC AI Framework - Ep 565 19.06.2026

Healthcare is rushing to adopt AI, but most organizations haven't figured out what it really means to keep it in check. The HSCC just released an AI governance framework aimed at helping healthcare leaders get ahead of the curve—before "shadow AI" and unapproved tools turn into a bigger problem. This episode breaks down why AI governance isn't just IT's job, where most organizations are getting st...

Learning to Live and Work with AI - Ep 564 12.06.2026

AI isn't just a buzzword anymore—it's showing up everywhere in healthcare, whether you realize it or not. In this episode, we get honest about what it means to live and work with AI, why so many people still feel anxious (or even a little excited) about it, and why avoiding it altogether just isn't an option. We dig into practical ways healthcare teams can safely experiment with AI in their daily...

The Fundamentals Still Matter Says the 2026 DBIR - Ep 563 05.06.2026

Are healthcare organizations overcomplicating cybersecurity and missing the basics? In this episode, Donna and David break down the newest Verizon Data Breach Investigations Report and what it really means for hospitals, clinics, and business associates. Despite all the AI headlines and talk about new threats, most breaches still come down to old-school problems—missed patches, credential abuse, a...

When Trust Becomes a Vulnerability - Ep 562 29.05.2026

How much should we really trust the systems and people we rely on every day? This week, we're looking at how trust itself can open the door to risk – whether it's attackers using AI to speed up finding software flaws, insider threats turning frustration into vulnerability, or the limits of encryption we thought was unbreakable. As healthcare organizations try to keep up, these aren't just tech pro...

AI Without Governance Is Just Faster Chaos - Ep 561 22.05.2026

AI is showing up everywhere these days like ketchup at a backyard cookout — apparently it belongs on absolutely everything. But as this episode points out, tossing AI into healthcare operations without governance is basically just upgrading your chaos to premium speed. Using insights from a massive global digital health study, the conversation explores why leadership, oversight, and workforce enga...

Same Hacks, Bigger Losses, Smarter Scams - Ep 560 15.05.2026

Cybercrime has officially entered its "hold my beer" era. In this episode, we break down the FBI's annual Internet Crime Complaint Center report and the numbers are equal parts fascinating and horrifying. We're talking over $20 billion in reported losses, exploding ransomware attacks, AI-powered scams, fake charities, romance cons, business email compromises, and criminals who apparently work hard...

Vibecoding, Breaches, and Regret - Ep 559 08.05.2026

If you've ever wondered what happens when ransomware, bad decisions, cyber insurance confusion, and TikTok tech advice all collide in one spectacular dumpster fire… this episode is for you. The conversation dives into four fresh OCR enforcement actions that all share one painfully common theme: nobody did a proper risk analysis until after everything caught on fire. Add in cybersecurity "professio...

You Didn't Invite AI - But Your Vendor Did - Ep 558 01.05.2026

AI isn't coming – it's already here, quietly working behind the scenes, updating itself, and occasionally making decisions you didn't realize you outsourced. In this episode, we unpack the chaos (yes, chaos) of modern AI adoption, especially when it sneaks in through third-party vendors and tools you already use every day. Think less "cool futuristic tech" and more "did we just pour gasoline on ou...

HIPAA Summit 2026 - What OCR Had To Say - Ep 557 24.04.2026

Ever leave a conference with a notebook full of "wait…we should probably be doing that" moments? That's exactly the energy here. In this episode, we unpack key takeaways fresh from the HIPAA Summit - what stood out, what raised eyebrows, and what might quietly keep compliance folks up at night. Then we pivot into a timely breakdown of the latest OCR webinar on Risk Management Plans, connecting the...

PriSec Is Not Optional for Patient Safety - Ep 556 17.04.2026

If you thought healthcare had enough to juggle already, think again. This episode dives headfirst into the latest "Top 10 Patient Safety Concerns," and spoiler alert—AI is sitting right at the top like it owns the place. From the growing pains of AI-assisted diagnosis to the not-so-small issue of whether anyone is double-checking the robots, things get interesting fast. Toss in cybersecurity risks...

We Need to Talk About Your Home Router - Ep 555 10.04.2026

Let's be honest – most of us treat our home router like a mysterious appliance that just… works. Plug it in, forget about it, and hope the internet gods stay happy. But what if that "set it and forget it" mindset is exactly the problem? With outdated firmware, questionable manufacturing origins, and zero attention for years, your router could be the weakest link in your entire digital life. And ye...

15 Million Record Cover-Up - Ep 554 03.04.2026

Sometimes the biggest threat to your data isn't the hackers, it's what happens after the hackers leave. In this episode, we dive into a jaw-dropping case where 15 million patient records were exposed… and then quietly swept under the rug like a mess nobody wanted to deal with. Spoiler alert: ignoring a breach doesn't make it disappear, it just makes the consequences louder later. If you've ever wo...

The Cyberattack Everyone Should Watch - Especially Healthcare - Ep 553 27.03.2026

Imagine logging in one morning and - poof - everything's gone. Not locked, not held hostage… just gone. That's the kind of cyberattack making waves right now, and it's not your typical "pay me in Bitcoin" situation. In this episode, we unpack the Stryker cyberattack,  a real-world incident that shows how attackers are shifting from making money to making a mess, and why that should have everyone i...

Security Awareness Problem No One Talks About - Ep 552 20.03.2026

Cybersecurity awareness is at an all-time high… so why are we still clicking the same sketchy links like it's a hobby? In this episode, we dig into the uncomfortable truth: people know what to do, they just don't do it. Between overwhelming workloads, nonstop digital noise, and a growing sense that "it's inevitable anyway," security has turned into that thing we all agree is important—right before...

Risk Analysis - Not a Checkbox, Not Optional - Ep 551 13.03.2026

If you think a risk analysis is just another box to check on the HIPAA compliance to-do list, this episode might feel a bit like a reality check… with receipts. Using a real OCR settlement involving a phishing attack and nearly 2,000 patients' data, this discussion digs into what regulators actually expect when they say "risk analysis." Spoiler alert: it's a lot more than running a quick scan and...

Do You GRC or Just RC? - Ep 550 06.03.2026

Governance, Risk, and Compliance. Sounds official. Sounds structured. Sounds like you've got everything under control. But what if you've really just got the "R" and the "C" duct-taped together while governance is off somewhere on vacation? This episode breaks down why governance isn't just policies, committees, or fancy tools—it's the backbone that makes risk management and compliance actually wo...

Choices Have Consequences - Ep 549 27.02.2026

At first glance, these sources don't seem related. But when you connect them, they reveal a pattern we can't afford to ignore — and it's more unsettling than most of us would like to admit. It's time for an honest, slightly uncomfortable conversation about where we are — and maybe to sit down and remember what mom and dad always said about choices and consequences… even if we really didn't want to...

CISA CPGs V2 Might Be the Best SMB Cybersecurity Approach Yet - Ep 548 20.02.2026

Cybersecurity advice is everywhere — frameworks, standards, best practices, expert opinions — enough PDFs to last you the rest of the year. But for small and mid-sized businesses, the real question isn't "What guidance exists?" It's "What should we actually do that lowers our chances of having a really bad cyber day?" If you've ever looked at a massive cybersecurity framework and thought, "This fe...

When One IT Provider Gets Hit Everyone Feels IT - Ep 547 13.02.2026

What happens when the company responsible for protecting everyone else becomes the one that gets hacked? Spoiler alert: it's not just their problem. This episode dives into the uncomfortable reality that when an IT provider gets hit, the ripple effects can slam into hundreds, or even thousands, of businesses at once. From ransomware evolution to insider threats to the ever-growing AI wildcard, thi...

There Is No Finish Line in Cybersecurity- Ep 546 06.02.2026

Some things in life have a finish line. Cybersecurity is not one of them. There's no victory lap, no tape to break, and definitely no moment where you can say, "Cool, we're done here." This episode dives into why cybersecurity is a never-ending process, what regulators are really telling organizations through their guidance, and how the most common security failures still come down to the basics—p...

When AI Stops Being Helpful - Ep 545 30.01.2026

AI: the gift that keeps on glitching. While most folks are still marveling at how AI can write emails and fold laundry (okay, not quite yet), this episode pulls back the curtain on what happens when artificial intelligence stops being polite and starts getting dangerous. We're talking zombie agents, security holes big enough to drive a HIPAA violation through, and automated tools that might just b...

Even Security Leaders Make Human Mistakes - Ep 544 23.01.2026

You'd think the folks steering the cybersecurity ship would be the last ones to punch holes in the hull—but nope, even the pros trip over their own policies. In this episode, we dive headfirst into a cautionary tale where a CISO (yes, the security guy) admits to becoming the insider threat he warns others about. From skipping his own software vetting procedures to triggering network alarms like it...

Listen to the Help Me With HIPAA podcast in Replaio

Radio and podcasts in one app - free, with no sign-up. Install today and do not miss the launch

Get it on Google Play

Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.