Episode 114
Dr. Sybil Ingram: What we get wrong about HIPAA!
Dr. Sybil Ingram is a successful and respected governance, management and technology professional with significant expertise with various information security and quality audits and assessments (domestically and internationally), quality management systems, risk management, privacy/security challenges and information systems solutions. With over twenty years of professional experience, she is one of the nation's foremost champions and active consultants for the HIPAA regulations and implementation challenges She has held key positions with industry leaders such as iPatient Axis, McKesson, Johnson & Johnson, Abbott Laboratories Boston Scientific, Amgen and the Centers for Disease Control and Prevention (CDC). In addition, Dr. Ingram is nationally board certified by the American Society of Clinical Pathologists, a member of the international scientific and engineering society. he is an inventor and held a patent [pending] with the United States Patent & Trademark Office (USPTO).
Cyber Security Forum Initiative
https://www.linkedin.com/in/possybilities/
On this Episode Dr. Ingram discusses with John
1) The research they did together with Cyber Security Forum Initiative as it pertains to the current situation in Russia and Ukraine
2) Dr. Ingram's background transitioning from clinical to HIPAA expert
3) The power of having good mentors
4) In the time of Covid, what the public gets wrong with HIPAA
5) Dr. Ingram's work assisting COVID audits
Listen to full episodes on your favorite podcast platform or by visiting: https://podcast.thebusinesssamurai.com
To work with John Barker and Barker Management Consulting ► https://barkerleadership.com
Follow John Barker at:
🐦Twitter ► https://twitter.com/johnbarker78
🌎 LinkedIn ► https://www.linkedin.com/in/johnbarke...
🔴 Instagram ► https://www.instagram.com/johnbarker78/
Mentioned in this episode:
LammarMarie.com Buy 1 Get 1 50% Off
This episode of the business samurai podcast is brought to you by Lammar Marie popcorn. You can get now one bag and get a second bag for half off with the code Barker at checkout. So if you like your snacks, a little sweet, a little salty, a little mixture of both. Go check out lammarmarie.com and all of the flavors that they have for your next snacking sensation. That is lammarmarie.com with code Barker at checkout for buy one, get one half off.
Transcript
[Unknown5]: welcome to the business samurai podcast i'm your host john barker got another
83
::[Unknown5]: fantastic episode today got doctor sybil ingram she is a successful and respected
84
::[Unknown5]: governance
85
::[Unknown4]: yeah
86
::[Unknown5]: management and technology professional with significant expertise with various
87
::[Unknown5]: information security and quality audits and assessments domestically and
88
::[Unknown5]: internationally specialized in quality management systems risk management privacy
89
::[Unknown5]: security challenges and information system solutions with over twenty years of
90
::[Unknown5]: professional experience she is one of the nation's foremost champions and active
91
::[Unknown5]: consultants for the hipaa regulations and implementation challenges she has held
92
::[Unknown5]: key positions with industry leaders such as ipi access mckesson johnson and
93
::[Unknown5]: johnson abbott laboratories boston scientific amgen and the centers for disease
94
::[Unknown5]: control and prevention the cdc in addition dr inm is nationally board certified by
95
::[Unknown5]: the american society of clinical pathologist a member of the international
96
::[Unknown5]: scientific and engineering society she is an inventor and held a patent pending
97
::[Unknown5]: with the united states patent and trademark office she has a phd in health science
98
::[Unknown5]: and medical ethics mba and information systems program management and a ba in
99
::[Unknown5]: medical technologies doctor ingram that is a very impressive resume and thank you
100
::[Unknown5]: for taking the time to talk to me today
101
::[Unknown4]: not pro i io
102
::[Unknown4]: i'm blushing and i know you really can't tell but whenever somebody reads my bio
103
::[Unknown4]: um part of me says yes yes i i actually did that i did that
104
::[Unknown5]: you you did all that stuff exactly
105
::[Unknown4]: i know it's i don't know you know and and it just i'm flattered that you would
106
::[Unknown4]: have me on your show uh number one uh number two i wish you much much success with
107
::[Unknown4]: this endeavor and i want to definitely try to make it worth you a while to invite
108
::[Unknown4]: me to be um
109
::[Unknown4]: with you on your show today
110
::[Unknown5]: no i i again i appreciate it uh for everyone listening or if you're having to
111
::[Unknown5]: watch any of this on uh the youtube channel first met dr ingram on a project that
112
::[Unknown5]: we did volunteer
113
::[Unknown4]: oh
114
::[Unknown5]: for the cybersecurity for initiative a little over a year ago we worked on it for
115
::[Unknown5]: about three months
116
::[Unknown4]: one
117
::[Unknown5]: and it's actually where i kind of want to start kind of a jumping off point before
118
::[Unknown5]: we go into hipaa and privacy and all the stuff that your career has basically been
119
::[Unknown5]: around
120
::[Unknown4]: is there
121
::[Unknown5]: because i felt like the the csi project that we worked on on information warfare
122
::[Unknown5]: relevant to current events as we're as we're currently recording this right now in
123
::[Unknown5]: march of twenty twenty two you've got the russia creating invading ukraine and a
124
::[Unknown5]: lot i know there was other subsets of our team members that i think actually focus
125
::[Unknown5]: specifically on those areas i know i was on
126
::[Unknown5]: china and taiwan and the
127
::[Unknown4]: what
128
::[Unknown5]: relationship with there but how information misinformation disinformation really
129
::[Unknown5]: you know affects perspective and in the world so i kind of want to get your take
130
::[Unknown5]: after you've went you know you went through that you were i believe the overall
131
::[Unknown5]: project manager for that program and had a lot more visibility to the whole thing
132
::[Unknown5]: but get your thoughts on what you learned during that experience
133
::[Unknown5]: working working that project
134
::[Unknown5]: to current events today
135
::[Unknown4]: well yes i i when we don't want to be remiss in terms of mentioning a dikes
136
::[Unknown4]: with the
137
::[Unknown5]: great
138
::[Unknown4]: css she was the project management liaison
139
::[Unknown4]: us and our team as well as with us si no yeah c fs uh excuse me and um that was
140
::[Unknown4]: one of the most um exciting projects even though i pulled out some of my lots in
141
::[Unknown4]: the process of working on the
142
::[Unknown4]: that i've ever worked on in my life the content of the subject matter was very
143
::[Unknown4]: informative it was very timely i believe at one point we had about twenty two
144
::[Unknown4]: people on our team um
145
::[Unknown5]: sounds about right
146
::[Unknown4]: would come and go you know based on what we needed at the project at the
147
::[Unknown4]: particular time the subject matter expertise that we needed for different
148
::[Unknown4]: countries for different nation states for different technologies that the
149
::[Unknown4]: different nation states could
150
::[Unknown4]: potentially use in water to siphon off information from another nation state or
151
::[Unknown4]: just uh you know and we did a little bit of a a a dive into the uh dark hat world
152
::[Unknown4]: with uh hackers and what actors could do and how that information could be used um
153
::[Unknown4]: in an in the various waves uh against uh other countries
154
::[Unknown4]: and how governments were going to be getting into the use of the information if
155
::[Unknown4]: they were privy to it we could look at some of the abc agencies and
156
::[Unknown4]: here as well as agency agencies that they have in other countries that are
157
::[Unknown4]: counterparts to ours and how they would use that information so
158
::[Unknown4]: with our team
159
::[Unknown4]: being uh a domestic team as well as an
160
::[Unknown5]: yeah
161
::[Unknown4]: international team because we had people in nigeria amsterdam we had people in
162
::[Unknown4]: spain we had people in greece i believe
163
::[Unknown4]: all the different type
164
::[Unknown5]: this to be in france on ours
165
::[Unknown4]: yeah yeah yeah that
166
::[Unknown5]: yep
167
::[Unknown4]: that's true that someone in france um working that project
168
::[Unknown4]: getting everybody together on one patient
169
::[Unknown4]: um
170
::[Unknown4]: thinking with one voice about information warfare
171
::[Unknown4]: from all the different perspectives that we we were challenged with
172
::[Unknown4]: the project was for us to develop of course
173
::[Unknown4]: that was going to cover nine different modules and those
174
::[Unknown5]: yeah
175
::[Unknown4]: nine different modules looked at all the different areas associated with nation
176
::[Unknown4]: state
177
::[Unknown4]: issues as well as
178
::[Unknown4]: the history of information warfare we uh looked at some of the challenges that
179
::[Unknown4]: would be presented to our government our congress
180
::[Unknown4]: and so whenever uh pos uh releases that i would definitely encourage people to go
181
::[Unknown4]: ahead and look at the product that we produced last year he has things scheduled
182
::[Unknown4]: and so um it's good that he does things early on but that the topic content
183
::[Unknown4]: subject matter as well as working with a group that i'd never worked with before
184
::[Unknown4]: we didn't know each other um uh being able to pull that off and pull off well i
185
::[Unknown4]: was what one of my biggest achievements in my career whether it was on a voluntary
186
::[Unknown4]: basis or not
187
::[Unknown5]: no and it and you know speaking of you know i think i i was there in the beginning
188
::[Unknown5]: i believe
189
::[Unknown4]: one
190
::[Unknown5]: it was a lot i think i think for me a lot of the content that i was privy to
191
::[Unknown5]: because we
192
::[Unknown4]: oh
193
::[Unknown5]: had a lot of people that that worked in pretty high levels of government in some
194
::[Unknown5]: of the some of the three letter agencies
195
::[Unknown4]: well
196
::[Unknown5]: and what we're seeing now i think with and i'm going to tie this back into the
197
::[Unknown5]: ukraine and russia
198
::[Unknown4]: yes
199
::[Unknown5]: is what jim polo and i and
200
::[Unknown5]: we had talked about before with a gray zone escalation you know where do these
201
::[Unknown5]: things that are not necessarily military you know the cyber warfare actually will
202
::[Unknown5]: evolve itself into boots on the ground type of situation
203
::[Unknown4]: s
204
::[Unknown5]: and we're seeing and you know just a little bit that i've seen on the news anyway
205
::[Unknown5]: seems like you know those attacks are the cyber attacks are increasing
206
::[Unknown4]: yes
207
::[Unknown5]: are we going to is they going to cross a threshold at some point where this
208
::[Unknown5]: becomes they somebody's hit
209
::[Unknown4]: what
210
::[Unknown5]: a major critical infrastructure electric power grid you know something along that
211
::[Unknown5]: line that's going go okay we're not just gonna fight back cyber we're gonna you
212
::[Unknown5]: know start lobbing bombs literally over there and i don't know if that was
213
::[Unknown5]: something in you know if you agree with that or based on the research that you
214
::[Unknown5]: that we did i mean we did this for months and months on end
215
::[Unknown4]: right
216
::[Unknown4]: if you've been listening to alternative news sources
217
::[Unknown4]: and maybe some of mainstream media but mostly alternative new sources that have
218
::[Unknown4]: not been censored the
219
::[Unknown4]: if we're at the death time level associated with the potential nation state cyber
220
::[Unknown4]: attack coming from that direction over here we're maybe about a def con three
221
::[Unknown4]: point five
222
::[Unknown4]: i think
223
::[Unknown5]: okay
224
::[Unknown4]: four is the highest right and so uh a lot of people are you know all the things
225
::[Unknown4]: that we ask for people to do in information security and cybersecurity in terms of
226
::[Unknown4]: hardening their systems
227
::[Unknown5]: oh
228
::[Unknown4]: against a potential cyber attack all of a sudden everyone is running around and
229
::[Unknown4]: and trying to do that because um the war is real what's happening between russia
230
::[Unknown4]: and ukraine is real um it's no longer gone from a conspiracy therapy theory to
231
::[Unknown4]: being a uh definitely a credible threat
232
::[Unknown4]: even though it let's say that um the president
233
::[Unknown4]: of russia hasn't necessarily come out and state of that there are other people
234
::[Unknown4]: that are close very close to the situation
235
::[Unknown4]: that have been saying this that if something like this were to occur this
236
::[Unknown4]: incursion right now that we're having between ukraine and uh russia that we could
237
::[Unknown4]: expect
238
::[Unknown4]: a cyber security attack and for that people need to be prepared for and it's no
239
::[Unknown4]: longer something theoretical or hypotheticals something that is very real and
240
::[Unknown4]: could happen and has been threatened to occur
241
::[Unknown4]: during this incursion so
242
::[Unknown4]: heads up to anyone who happens to be listening to this on this particular day if
243
::[Unknown4]: you haven't started hardening your systems um is better late than ever but you
244
::[Unknown4]: need to do it now
245
::[Unknown5]: no not i totally agree with uh with with all those comments and we we had chuck
246
::[Unknown5]: brooks on' not sure if you're familiar with chuck brooks or not but um you know
247
::[Unknown5]: big you know
248
::[Unknown4]: trees
249
::[Unknown5]: thinker in the in the space and and he believes that stuff like happened with
250
::[Unknown5]: colonial pipeline last year and now you've got this situation now has really made
251
::[Unknown5]: this kind of a mainstream topic because now you're looking at things that are
252
::[Unknown5]: targeting you know
253
::[Unknown5]: the typical person at home versus strategic government or universities or
254
::[Unknown5]: businesses that are at threat is starting to affect people in their houses and
255
::[Unknown5]: their homes
256
::[Unknown4]: well we have a
257
::[Unknown5]: but
258
::[Unknown4]: lot of off topic excuse me soft targets over here
259
::[Unknown5]: yep
260
::[Unknown4]: and you know with me being in health care health care is definitely a soft target
261
::[Unknown4]: health care needs to be open for a variety of reasons in terms of sharing
262
::[Unknown4]: information back and forth between people
263
::[Unknown4]: and uh unfortunately um
264
::[Unknown4]: in the process of having to be so open it's it's very soft schools are soft
265
::[Unknown4]: targets you know
266
::[Unknown5]: uh
267
::[Unknown4]: i'm hoping that our utilities are not uh soft targets i'm hoping that they become
268
::[Unknown4]: as hardened as as they can uh become and there's no reason why um there shouldn't
269
::[Unknown4]: be more funding allocated to make sure that our infrastructure over here does not
270
::[Unknown4]: suffer what the colonial pipeline people have suffered the other thing that i
271
::[Unknown4]: wanted to mention and
272
::[Unknown5]: like
273
::[Unknown4]: man cause it just kind of came to my head while while we were talking about this
274
::[Unknown4]: subject you know the magician has you look at the hand over here
275
::[Unknown4]: while he's really doing something
276
::[Unknown4]: so you know if if we're just looking at russia and ukraine brushing ukraine
277
::[Unknown4]: russian
278
::[Unknown5]: right
279
::[Unknown4]: we need to maybe kind of look over here a little bit at one of the countries
280
::[Unknown4]: that's notorious for nation state
281
::[Unknown4]: incidents and it starts with a dix c and ends her
282
::[Unknown4]: and um
283
::[Unknown4]: um you know this is a a good time while people are distracted over
284
::[Unknown5]: yeah
285
::[Unknown4]: here for them to just come swooping in with uh some of the things that they
286
::[Unknown4]: typically do and who's gonna get the blame are we going to blame russia we're
287
::[Unknown4]: probably not gonna brain blame excuse me ukraine but russia will probably come up
288
::[Unknown4]: first because of all those back and forth and back and forth and rhetoric and you
289
::[Unknown4]: know what's going on when actually we need to look at the big c and the the a
290
::[Unknown4]: people doing things or you know there's a a couple of others that we could be
291
::[Unknown4]: looking at as well but we need to keep a swivel on at all times right now
292
::[Unknown4]: because the distraction is very real and a distraction will cause us
293
::[Unknown4]: to not be on a point where we need to be so we need to keep all the three sixty
294
::[Unknown4]: well
295
::[Unknown5]: in some the video game i played we called that third teaming you're in that heavy
296
::[Unknown5]: firefight with the first team and the third team comes out and knocks you out so
297
::[Unknown4]: yeah that's
298
::[Unknown4]: that's exactly right
299
::[Unknown5]: yeah so let's let's pivot you mentioned you mentioned health care let's get into
300
::[Unknown5]: kind of your area of expertise what you've been doing i believe
301
::[Unknown5]: twenty two years
302
::[Unknown4]: good
303
::[Unknown5]: with hipaa regulations give
304
::[Unknown4]: no
305
::[Unknown5]: us a little bit of your background how did you get involved at that this high of a
306
::[Unknown5]: level uh with with hipaa because it's been i believe the what it became law
307
::[Unknown5]: nineteen ninety six
308
::[Unknown4]: nineteen ninety six word uh was uh affected into law
309
::[Unknown5]: okay
310
::[Unknown4]: by president clinton at that time
311
::[Unknown4]: you know how did i get here
312
::[Unknown5]: yeah
313
::[Unknown4]: i laugh at myself i you know and and that's a question that i ask myself on on a
314
::[Unknown4]: regular basis because as a little girl this is not what i thought that i was going
315
::[Unknown4]: to be doing
316
::[Unknown4]: as a young woman i this is definitely not what i thought i was going to be doing
317
::[Unknown4]: and as a as a pretty middle
318
::[Unknown4]: woman you know professional woman this is still not what i thought i was going
319
::[Unknown4]: um but i what i will say is i've enjoyed the journey i've i've enjoyed the journey
320
::[Unknown4]: from going from uh
321
::[Unknown4]: a clinical background research background a patient care background into health
322
::[Unknown4]: care information systems where i learned about security information security at
323
::[Unknown4]: that time to going and working with different consulting firms being a director
324
::[Unknown4]: with uh a couple of different companies
325
::[Unknown4]: and then
326
::[Unknown4]: right after the y two k initiative of trying to make sure that no planes fell out
327
::[Unknown4]: of the air at midnight when we
328
::[Unknown5]: and she
329
::[Unknown4]: turn for the next century are being thrown immediately immediately
330
::[Unknown4]: in two thousand into hipaa and so uh i remember i went to about sixteen different
331
::[Unknown4]: uh
332
::[Unknown4]: um conferences trying to figure out what this thing was you know trying to make
333
::[Unknown4]: sure that it wasn't a hippopotamus that was being put on
334
::[Unknown5]: yeah
335
::[Unknown4]: here
336
::[Unknown4]: and uh the uh hippopotamus is definitely
337
::[Unknown4]: what it turned out to be in terms of it being a mascot
338
::[Unknown4]: for for hip and people misspelling it all the time and and that type of thing but
339
::[Unknown4]: uh i was fortunate to have uh very good uh mentors at that time um bill bigh wave
340
::[Unknown4]: was one of the authors of hipaa and he took me under his wing
341
::[Unknown5]: no
342
::[Unknown4]: uh during that time and i was able to shadow him on many of those conferences and
343
::[Unknown4]: um just have many uh talks with him uh another one was attorney alan goer mentored
344
::[Unknown4]: me quite well from a the attorney's perspective because the attorneys
345
::[Unknown4]: specifically when it came to the privacy portion of the regulation really jumped
346
::[Unknown4]: on it at that time because it moved from edr to privacy to security and so there
347
::[Unknown4]: was
348
::[Unknown5]: yeah
349
::[Unknown4]: another gentleman by tom hanks that worked with me and beacon partners
350
::[Unknown4]: and tom hired me and then about eight weeks later um he left he was considered one
351
::[Unknown4]: of the leaders uh the futurist in hip at that time and had about twelve different
352
::[Unknown4]: um presentations lined up for him to give
353
::[Unknown4]: and what happened was when he left they put me in his spot so
354
::[Unknown5]: go
355
::[Unknown4]: twelve people who are expecting this futurist to come along that they had been
356
::[Unknown4]: talking to to years just in and chat and here i show up giving the presentation so
357
::[Unknown4]: you know uh that which doesn't kill you makes you stronger
358
::[Unknown4]: and uh uh i was able to learn very quickly and come back and get back with people
359
::[Unknown4]: where i couldn't answer a question very quickly with them within the next forty
360
::[Unknown4]: eight hours and just have that level of discipline and rigor about this particular
361
::[Unknown4]: law now it's morphed as you know over the years
362
::[Unknown4]: the business associates in the beginning did not have to be compliant with
363
::[Unknown4]: regulation only covered entities and i mean this there is whole issue about you
364
::[Unknown4]: know what's a covered entity it's just the law is very clear it's very clear it's
365
::[Unknown4]: um people providers um insurance companies that type of thing you have health care
366
::[Unknown4]: clearing houses primarily but it basically talks about those people that need to
367
::[Unknown4]: send um
368
::[Unknown4]: information
369
::[Unknown4]: electronically and we're talking about the claim from a health care encounter
370
::[Unknown4]: people who send claims electronically to insurance companies electronically as pot
371
::[Unknown4]: of paper those people have to be hippa compliant it's no more than that so people
372
::[Unknown4]: will always try to run around and figure out well do i have to be compliant to to
373
::[Unknown4]: be look at this little definition i hear it
374
::[Unknown4]: not that big and the operative word
375
::[Unknown5]: i
376
::[Unknown4]: of this definition is electronic so if
377
::[Unknown5]: yes
378
::[Unknown4]: you f if you do that you know yeah you have to do this so then when the business
379
::[Unknown4]: associates coming along especially when you look in the transcription area where a
380
::[Unknown4]: lot of the transcription was going out of country
381
::[Unknown4]: and um where doctors would dictate you know a
382
::[Unknown5]: yep
383
::[Unknown4]: procedure during the day um they would have somebody to transcribe it out of
384
::[Unknown4]: country at night and then seven o'clock the next morning six o'clock the next
385
::[Unknown4]: morning they were come in and everything's already tied down and ready for them
386
::[Unknown4]: there was no way to hold those people accountable
387
::[Unknown4]: right because they weren't uh in the us should a breach occur out of the country
388
::[Unknown4]: so that put in two thousand nineteen with the uh omnibus act with a hipaa ha tech
389
::[Unknown4]: act when they made business associates accountable and having to be
390
::[Unknown4]: hippa compliant with at least the security and privacy rules that changed a lot in
391
::[Unknown4]: terms of the perspective of oh i'm a business associate i don't really have to do
392
::[Unknown4]: anything k not yeah now you do and you're a business associ she'd buy another very
393
::[Unknown4]: small definition you know if you're receiving or doing something for on the behalf
394
::[Unknown4]: this covered entity up here that makes with protected health information that
395
::[Unknown4]: makes you a business associate and so
396
::[Unknown4]: i people laugh at me all the time because i'm batus walking encyclopedia of hipaa
397
::[Unknown4]: and
398
::[Unknown5]: we couldn't tell i couldn't tell by listening to that
399
::[Unknown4]: yes i i have to laugh at myself but
400
::[Unknown4]: and i do you know i i take my work very seriously but i don't take myself very
401
::[Unknown4]: seriously and um yeah but i i've seen hippa weaponized
402
::[Unknown4]: s a you know over these years well people in the hospitals or at the doctor's
403
::[Unknown4]: office or at the pharmacies or whatever we'll use hipaa as this weapon like
404
::[Unknown4]: no i'm not gonna give you do this because hipa told me
405
::[Unknown4]: or him and i'm looking around for you know the sentient being that hipaa has
406
::[Unknown4]: become
407
::[Unknown4]: it's taken on a life of its own well i can't do this as this i can do so and it
408
::[Unknown4]: really beat me being in the field and and knowing that that's not true um i at
409
::[Unknown4]: first i would try to correct people
410
::[Unknown4]: and then i said now
411
::[Unknown4]: let me just speak to your supervisor
412
::[Unknown4]: that your supervisor supervisor
413
::[Unknown4]: you know if we're gonna have this little fight i'm not gonna have a fight with you
414
::[Unknown4]: i'm not gonna have a fight with a person that believes that hippa is a levy
415
::[Unknown4]: breathing soul
416
::[Unknown4]: with tea
417
::[Unknown5]: so
418
::[Unknown5]: let me preface the my longer question based on how you answer the most of the
419
::[Unknown5]: place you're working with are you walking with clearly it's like bigger
420
::[Unknown5]: organizations bigger corporations in the medical industry or larger hospitals
421
::[Unknown5]: versus the private practice areas
422
::[Unknown4]: no
423
::[Unknown5]: the smaller doctors
424
::[Unknown4]: anybody who sends claims electronically so i could
425
::[Unknown5]: no no i mean you specifically
426
::[Unknown4]: yeah me i've i've worked a gamut
427
::[Unknown5]: so how
428
::[Unknown4]: yeah i'm mostly larger organization though but i've had some private clients where
429
::[Unknown4]: yeah i'm mostly larger organization though but i've had some private clients where
430
::[Unknown4]: they're won dock shops yeah
431
::[Unknown4]: they're won dock shops yeah
432
::[Unknown5]: sure so one of the things that's been happening in the medical industry over the
433
::[Unknown5]: last several years as a mass consolidation you know there's a lot of private
434
::[Unknown5]: practices that are going out the
435
::[Unknown4]: well
436
::[Unknown5]: ones that are there have to tie in into the uh you know into the large hospital
437
::[Unknown5]: because you know they go through surgery so they're going to you know
438
::[Unknown5]: electronically electronically transmit you know to to the surgery centers or to
439
::[Unknown5]: the main hospital to do work
440
::[Unknown4]: right
441
::[Unknown5]: how has that affected uh you know enforcement you know between the the the private
442
::[Unknown5]: doctors because i've went into some that literally
443
::[Unknown5]: they're not adhering to anything
444
::[Unknown5]: and then i'm going hold up your entry point into the hospital you've got all this
445
::[Unknown5]: stuff tied into there
446
::[Unknown4]: no what
447
::[Unknown5]: do you think that this will kind of harden the systems up a little bit as we're
448
::[Unknown5]: getting consolidation has it been a problem transferring records around how do you
449
::[Unknown5]: think that's affected the industry from a security standpoint with this mass
450
::[Unknown5]: consolidation
451
::[Unknown5]: as the larger companies are sucking them up
452
::[Unknown4]: well this is okay so it depends on how they're being required um
453
::[Unknown4]: if that smaller practice is being acquired um
454
::[Unknown4]: and they're going to be considered employees of the larger organization
455
::[Unknown4]: then the larger organization can go ahead and impose their expectations of
456
::[Unknown4]: policies and procedures
457
::[Unknown4]: software interfaces
458
::[Unknown4]: h seven standard mapping
459
::[Unknown4]: et cetera et cetera et cetera back and forth you know to the hospital or to the
460
::[Unknown4]: larger organization like a health care insurance company
461
::[Unknown4]: if the smaller practices is still just going to be considered a contracted server
462
::[Unknown4]: contracted service to the hospital or to the ambulatory care uh surgery center or
463
::[Unknown4]: something like that then they have no way of enforcing
464
::[Unknown4]: this uh person over here to make sure that they have their policies and procedures
465
::[Unknown4]: that they've gone through their security their privacy and they've done their risk
466
::[Unknown4]: analysis per hipaa they can't do that um
467
::[Unknown4]: unless they have it in the contract
468
::[Unknown4]: that you will be hippa compliant per forty five cfr r one six sixty one hundred
469
::[Unknown4]: sixty four i mean it has to be so the only way that the larger organization can
470
::[Unknown4]: enforce it upon the small organization is contractual okay and so one of the
471
::[Unknown4]: things that the large organization needs to do as a part of their due diligence if
472
::[Unknown4]: they're going to be working with this other entity is to go
473
::[Unknown5]: yeah
474
::[Unknown4]: in there and make sure that they have their policies and procedures to make sure
475
::[Unknown4]: that they've done their risk analysis make sure that all their people have been
476
::[Unknown4]: trained i mean that there's just some basic things that they need to do as a part
477
::[Unknown4]: of their due diligence during the contract phs that's the only way that they can
478
::[Unknown4]: you know they don't they cannot dictate the emr ehr that these people are going to
479
::[Unknown4]: use over here but what
480
::[Unknown5]: sure
481
::[Unknown4]: they can say is in order for your information to come our way it needs to come
482
::[Unknown4]: over here in this format
483
::[Unknown4]: it can be usually it's gonna be h l seven um or if if we're going to be going to
484
::[Unknown4]: the insurance companies then it needs to be an cx one two fifty and fifty ten i
485
::[Unknown4]: believe fifty fifty fifty and fifty yeah fifty and fifty ten are the
486
::[Unknown4]: new standards for the need to go back and forth if you're going to the insurance
487
::[Unknown4]: company so there's ways that it can be enforced it just depends on if this entity
488
::[Unknown4]: is a contractor or if this people if the people over here have been grabbed and
489
::[Unknown4]: are now an employee of the large organization over the years
490
::[Unknown5]: the reason i bring that up is because when we talk about security we talk about
491
::[Unknown5]: supply chain issues all the time and who your partners are who your vendors are
492
::[Unknown5]: and i tell you a story i
493
::[Unknown4]: okay
494
::[Unknown5]: am obviously nowhere near as in depth with this but this is an experience that i
495
::[Unknown5]: had several years ago this practice is has been bought out but i was brought in to
496
::[Unknown5]: do an initial overall hipaa assessment
497
::[Unknown4]: oh
498
::[Unknown5]: and walking into the
499
::[Unknown5]: i laugh a little bit just thinking about this
500
::[Unknown4]: yeah
501
::[Unknown5]: i walk into an environment where every piece of data everything circumvented the
502
::[Unknown5]: firewall within the facility
503
::[Unknown4]: well
504
::[Unknown5]: it wasn't in place
505
::[Unknown5]: and that the guest wi fi if you were sitting in the lobby was on the same you know
506
::[Unknown5]: basically the same network you could access the server if you knew what you were
507
::[Unknown5]: doing or sitting in the parking lot everything was totally accessible and it was
508
::[Unknown5]: happened to be tied into the hospital that was sitting in the same parking lot
509
::[Unknown4]: well
510
::[Unknown5]: and i didn't know you know and and i and i've been curious of if the hospital for
511
::[Unknown5]: instance knew about that would they
512
::[Unknown4]: one
513
::[Unknown5]: sit there and go oh up we got to cut you off because you're putting us at risk
514
::[Unknown5]: from us maintaining our thing
515
::[Unknown4]: what
516
::[Unknown5]: so that how does an enforcement work in a in a situation like that
517
::[Unknown4]: what is constant polling and trolling in the background i mean if you have um if
518
::[Unknown4]: you're not logging events um if you're not
519
::[Unknown5]: uhhuh
520
::[Unknown4]: logging events to your c c t v if you're not having somebody look at the c c t v
521
::[Unknown4]: even looking somebody uh looking and checking the logging events of people
522
::[Unknown4]: entering
523
::[Unknown4]: where they're badging in and out if you're not looking to see if people are
524
::[Unknown4]: carrying things in and out i mean like that's the part of that's on the technical
525
::[Unknown4]: side of uh
526
::[Unknown5]: sure
527
::[Unknown4]: some of it's on the physical side
528
::[Unknown4]: of the security rule in hipaa so it's just a matter of people you know it's what
529
::[Unknown4]: i'm finding john is that people feel like
530
::[Unknown4]: it's a one and done type of deal okay
531
::[Unknown5]: unfortunately
532
::[Unknown4]: i'm
533
::[Unknown5]: that's and that's in unfortunately a lot of the in industry cyber we're there
534
::[Unknown4]: like right i've b it
535
::[Unknown5]: for the second maybe
536
::[Unknown4]: right i've done it i it was painful i don't feel like dealing with it anymore but
537
::[Unknown4]: i've done it and then an incident comes along and then people wonder you know well
538
::[Unknown4]: how did that happen because i set up all these things in place to make sure that
539
::[Unknown4]: it didn't happen well did you test it did you test what you implemented was what
540
::[Unknown4]: you implemented factor when you tested it if if you if you didn't test it then
541
::[Unknown4]: that's why you had a problem if you did test it and you found out that it wasn't
542
::[Unknown4]: effective then why don't you come up with another solution if you're supposed to
543
::[Unknown4]: have people monitoring these things
544
::[Unknown4]: then and they're not telling you
545
::[Unknown4]: then you've got you know some problems there with people not
546
::[Unknown5]: yeah
547
::[Unknown4]: reporting that there's an issue that's why you know you go in and and you sauce
548
::[Unknown4]: all those things and but but nobody's saying anything
549
::[Unknown4]: probably because they think john's looking at it or terry's looking at or you know
550
::[Unknown4]: jim you're supposed to be doing that over there and then you get this you know
551
::[Unknown4]: point you know the story about when you point one finger up you've got three
552
::[Unknown4]: fingers pointing back at yourself and so it it's just a matter of
553
::[Unknown4]: not adopting the mindset of that putting things together is one and done when it
554
::[Unknown4]: comes to security
555
::[Unknown4]: that security has to be all monitored all the time and that you need to to look at
556
::[Unknown4]: it more than once a year even you know people say go ahead and look at your
557
::[Unknown4]: policies and procedures annually but you need to look at your process it's no less
558
::[Unknown4]: no less than every ninety days um to make sure that you know they're working um i
559
::[Unknown4]: don't know how many times i have to talk to people about patch management
560
::[Unknown4]: you know
561
::[Unknown5]: really okay
562
::[Unknown4]: why why is it that i'm having to talk to you about making sure that you know
563
::[Unknown4]: you've got the most update patches on whatever software or firmware that you're
564
::[Unknown4]: working with and why is it that i
565
::[Unknown5]: what you
566
::[Unknown4]: need to talk to you about the fact that it probably needs to be done in sequence
567
::[Unknown4]: when you patch because you can't patch in you haven't passed abc and d yet so that
568
::[Unknown4]: it
569
::[Unknown5]: yeah i was i was gonna clarify for people listening if they didn't know what that
570
::[Unknown5]: meant like he al up you haven't passed in nine months don't start with the new one
571
::[Unknown5]: and don't wait nine months
572
::[Unknown4]: well no we're not trying to make a baby ah you know
573
::[Unknown5]: no
574
::[Unknown4]: we're trying to keep safe stay secure and stay functional stay up you know at any
575
::[Unknown4]: given time we don't want to bring ourselves down you know when we've got this
576
::[Unknown4]: fence and we've got they're building all these firewalls the last person that you
577
::[Unknown4]: want to employ your system is yourself or your organization
578
::[Unknown5]: right
579
::[Unknown5]: do you find that you know a lot of people consider security it's a you know it's a
580
::[Unknown5]: call center but now
581
::[Unknown5]: are you finding a lot of the organizations are they trying to just get by with the
582
::[Unknown5]: bare minimum or they really take it seriously now with ransomware increases threat
583
::[Unknown5]: vectors are much more with the more devices you know your surface detect area is
584
::[Unknown5]: way broader than it used to be particularly there's things in in the medical
585
::[Unknown5]: industry that i don't think people even think about you know we always think about
586
::[Unknown5]: your
587
::[Unknown4]: oh
588
::[Unknown5]: computers or your phones but look at all the medical devices that may you know
589
::[Unknown5]: they're probably i'm gonna call them iot devices internet of things
590
::[Unknown4]: they are yeah
591
::[Unknown5]: devices for a lack of a better term time but
592
::[Unknown4]: yeah
593
::[Unknown5]: do you find that the hospitals really do make an effort of this or is this just
594
::[Unknown5]: trying to get and i used to term hospitals broadly i didn't mean that but
595
::[Unknown4]: yeah i understand
596
::[Unknown5]: but um do you find that it really is the security of the information the data you
597
::[Unknown5]: know because there's a physical risk to hear if something happens on top of just
598
::[Unknown5]: data leakage data people stealing data
599
::[Unknown4]: so what i i would say is
600
::[Unknown4]: health care um who has a tendency to be slow adopting certain things um
601
::[Unknown4]: health care really needs to have very strong c ts and cisos chief information
602
::[Unknown4]: security officers when they had at
603
::[Unknown5]: yeah
604
::[Unknown4]: a minimum a very strong chief information security officer that is very vocal
605
::[Unknown4]: um and is the i don't wanna say a control freak or anything like that but is has
606
::[Unknown4]: developed those relationships in the organization where anything that comes in
607
::[Unknown4]: that may connect to the internet i need to know about it
608
::[Unknown4]: and please let me evaluate it so that i can keep it secure for either the
609
::[Unknown4]: organization or the patient that is you're going to put this medical device into
610
::[Unknown4]: that is going to be sending data back to their primary physician or back to you
611
::[Unknown4]: know the health care organization please let me be a part of that decision
612
::[Unknown4]: when the cto cio the ciso or whatever is not involved at that level
613
::[Unknown4]: then you're going to have leakages occur across the organization
614
::[Unknown4]: and all of that can be prevented if they are brought in early on in the decision
615
::[Unknown4]: making process
616
::[Unknown4]: they need to be a part of every panel of every medical device is being brought in
617
::[Unknown4]: whether the device is class one class two class three per fda
618
::[Unknown4]: categorization with class three being implantable
619
::[Unknown4]: so the um my just my short answer that is the stronger
620
::[Unknown4]: those people are and the more that the organization embraces bringing them into
621
::[Unknown4]: the decision making process the better everything is going to be in terms of
622
::[Unknown4]: securing the information that's going to be going back and forth between i mean
623
::[Unknown4]: because it could be hacked at any given time and that's one of the issues that
624
::[Unknown4]: people are talking about in health care particularly with uh medical devices that
625
::[Unknown4]: have rf d uh implanted into them
626
::[Unknown5]: yep
627
::[Unknown4]: you know for for tracking purposes inventory purposes or whatever and particularly
628
::[Unknown4]: for those devices where let's say if you're looking at some of the devices that
629
::[Unknown4]: regulate pacemakers
630
::[Unknown4]: uh
631
::[Unknown5]: i was gonna say i know somebody has a pacemaker and that's what i immediately
632
::[Unknown5]: i was gonna say i know somebody has a pacemaker and that's what i immediately
633
::[Unknown5]: thought to when you said that yep
634
::[Unknown5]: thought to when you said that yep
635
::[Unknown4]: right uh you're looking at paste mas p pacemakers you're looking at insulin pumps
636
::[Unknown4]: we're looking at anesthesia types of devices where that information is being
637
::[Unknown4]: transmitted back to a clinician and they're able to remotely titrated the
638
::[Unknown4]: citrate the dosage up or down or with a pacemaker you know regulate
639
::[Unknown4]: the uh pulses uh to the point where it's going to be best you know for for their
640
::[Unknown4]: patient there that's yeah a man in the middle attack uh stereo right there if they
641
::[Unknown4]: didn't involve security
642
::[Unknown4]: in taking in and bringing in that device and then putting it to into a patient to
643
::[Unknown4]: your earlier question though health care has become a little bit more sensitive
644
::[Unknown4]: when it comes to ransomware
645
::[Unknown5]: two
646
::[Unknown4]: to the point where you know some doctors have had to to uh
647
::[Unknown4]: close their doors
648
::[Unknown4]: because they didn't have enough money to be able to pay the ransom to get to their
649
::[Unknown4]: medical records to their patients that's very sad when those situations happen and
650
::[Unknown5]: did you
651
::[Unknown4]: and those situations are very preventable but the health care cl
652
::[Unknown5]: yeah
653
::[Unknown4]: clinicians and well just practitioners in general need to understand that there's
654
::[Unknown4]: this whole security
655
::[Unknown4]: organization society people out here that you can go to and ask for help um to to
656
::[Unknown4]: have access to the information that someone is asking for a ransom for this
657
::[Unknown4]: particular time and you don't have to lose your livelihood and you don't have to
658
::[Unknown4]: recreate all that information over um but just ask you know be willing to ask for
659
::[Unknown4]: help so
660
::[Unknown4]: ransomware has become a number one issue uh within health care because there are
661
::[Unknown5]: well
662
::[Unknown4]: so many ransomware attacks that have been happening in health care
663
::[Unknown5]: no absolutely and i and i used to see and uh you know reading articles and stuff
664
::[Unknown5]: for the places that were getting hit a lot of them were not keeping their
665
::[Unknown5]: technology up to date
666
::[Unknown4]: what
667
::[Unknown5]: they were using systems or a well passed end of life you know you're hearing
668
::[Unknown5]: things of old versions of windows still in place you're like hold on a second
669
::[Unknown5]: but i want to shift i've got a hipaa story and i
670
::[Unknown4]: seven
671
::[Unknown5]: wanted to see what your response would be to this because this happened to my mom
672
::[Unknown4]: chicken
673
::[Unknown5]: and i got a i got a call in a panic and i and and i think this ties into if
674
::[Unknown5]: there's if there's fear of people reporting an incident
675
::[Unknown4]: well one
676
::[Unknown5]: but my mom was having some medical issues they had moved and she was going through
677
::[Unknown5]: this very long arduous process of getting a copy of her records
678
::[Unknown4]: blue
679
::[Unknown5]: electron you know to transfer from where they were going to where she had to go
680
::[Unknown5]: get seen
681
::[Unknown4]: six
682
::[Unknown5]: after waiting six months
683
::[Unknown4]: forty
684
::[Unknown5]: she she gets she logs into the portal they had sent it and there was somebody
685
::[Unknown5]: else's entire medical record attached to hers
686
::[Unknown5]: uh and and and so i get a call in a panic i'm like you need a you need to call the
687
::[Unknown5]: hospital let you know let you know be upright that hey something something
688
::[Unknown5]: happened because she got hers as well
689
::[Unknown4]: well
690
::[Unknown5]: and
691
::[Unknown5]: come to find out that the other person's record was married to a doctor when they
692
::[Unknown5]: got wind of it they weren't very happy about what had happened
693
::[Unknown4]: what when
694
::[Unknown5]: but the the hip officers between the two different hospitals started kind of
695
::[Unknown5]: playing pointing fingers at each other and i'm like well that's not either our
696
::[Unknown5]: problem you didn't verify what you sent and you didn't verify what you received
697
::[Unknown4]: correct
698
::[Unknown5]: i in my question with you know to them the reason i told my mom reported i said i
699
::[Unknown5]: don't know if that's a one off or if that's systemic in their processes of what
700
::[Unknown5]: they're doing it that's happening ten percent of the time fifteen percent of the
701
::[Unknown5]: time if if that situation scenario happened to you or someone close to you
702
::[Unknown5]: what how would you have responded to that
703
::[Unknown4]: oh
704
::[Unknown5]: i'm
705
::[Unknown4]: you know
706
::[Unknown5]: putting you on the spot
707
::[Unknown4]: having too much knowledge sometimes can get you in trouble right
708
::[Unknown5]: that's why i'm asking
709
::[Unknown4]: right so in that scenario the person who was at fault was descender
710
::[Unknown5]: okay okay
711
::[Unknown4]: all right uh not
712
::[Unknown4]: verifying the information first
713
::[Unknown5]: not there
714
::[Unknown4]: before they sent it because the security security is end to end not point to point
715
::[Unknown4]: okay so not uh verifying that that information was gest your mother's information
716
::[Unknown4]: that that was an issue there
717
::[Unknown4]: somehow or another getting this other person's information attached to your
718
::[Unknown4]: mother's information sending it out you know
719
::[Unknown4]: that that's not something
720
::[Unknown5]: that
721
::[Unknown4]: that probably happens a lot but i could see where if you're not checking if you're
722
::[Unknown4]: not checking you know
723
::[Unknown5]: really
724
::[Unknown4]: doing a hash
725
::[Unknown4]: uh to make sure that just your mother's information went over and not your mother
726
::[Unknown4]: and somebody else's information one over you know that's an integrity check that
727
::[Unknown5]: right
728
::[Unknown4]: obviously you know wasn't in place there
729
::[Unknown4]: so um
730
::[Unknown4]: um the i don't care about the cso and the cpo chief security officer chief privacy
731
::[Unknown4]: officer whoever is trying to point
732
::[Unknown4]: fingers the offender was the person who sent the information out so it was not the
733
::[Unknown4]: receiver's responsibility to make sure that that was okay it was it was not now um
734
::[Unknown4]: let let's say that the receiver
735
::[Unknown4]: found it before your mother death
736
::[Unknown4]: if the receiver found that before your mother did they have an obligation to
737
::[Unknown4]: report it back and get it corrected before it gets to your mom
738
::[Unknown5]: doger
739
::[Unknown4]: but right so
740
::[Unknown4]: um because something like that would happen so so rarely i could see why the
741
::[Unknown4]: receiver didn't do a check
742
::[Unknown4]: um to and it came in with your mother's name okay it could be this much it could
743
::[Unknown4]: be this many you know in terms of bits and bites and and that type of thing and
744
::[Unknown4]: let's just send it on because it's it's not something you would you would expect
745
::[Unknown4]: for the sender to have done the integrity checks on their a before it and went out
746
::[Unknown4]: but you know if there was so now so now what are they going to do is the receiver
747
::[Unknown4]: always going to be in a position where they're going to have to check and see if
748
::[Unknown4]: the information is correct or not it's not on them it's on the sender
749
::[Unknown4]: it it starts there so um i don't know why it took six months
750
::[Unknown4]: because
751
::[Unknown5]: it she
752
::[Unknown4]: i don't know
753
::[Unknown5]: mill militaries involved military hospitals involved in that stuff so that's what
754
::[Unknown5]: took so long
755
::[Unknown4]: eight
756
::[Unknown5]: but yeah no i she called me in a panic and she gets like i got this p d f and you
757
::[Unknown5]: know it's all of my stuff you know in an email and then i get to the go to the end
758
::[Unknown5]: and it's a another patient's entire record and
759
::[Unknown4]: see
760
::[Unknown5]: it was just i i had not heard of that and i didn't know if it was like the
761
::[Unknown5]: the electronic medical record system messed up or somebody legitimately on the
762
::[Unknown5]: that first in at the first hospital just
763
::[Unknown5]: scan something into the wrong the wrong way but i
764
::[Unknown4]: like
765
::[Unknown5]: found that to be interesting
766
::[Unknown4]: it could be system error and it could be a human error but an error was made uh
767
::[Unknown5]: oh for sure
768
::[Unknown4]: you know and i i'm glad that your mother brought that to your attention because
769
::[Unknown5]: yeah
770
::[Unknown4]: another person you know could have taken that and said hey look you know
771
::[Unknown5]: hey
772
::[Unknown4]: what i got i got my medical record and i got somebody else's you know
773
::[Unknown5]: yep
774
::[Unknown4]: just in minutes of faint um on t v um with with a reporter and you know news
775
::[Unknown4]: people around
776
::[Unknown5]: oh yeah
777
::[Unknown4]: but i i'm i'm glad that your mother had enough um wherewithal to know that this
778
::[Unknown4]: was wrong and and you know just take take it to you and you know kind
779
::[Unknown5]: take it
780
::[Unknown4]: of look or work it out internally because when we get off uh of here there's a
781
::[Unknown4]: page that is sponsored by the department of public human services
782
::[Unknown4]: every breach by every entity that has come to their attention that they make
783
::[Unknown4]: public
784
::[Unknown4]: um
785
::[Unknown5]: okay
786
::[Unknown4]: yeah i call it the hipa wall of shame or most chemistry called the hipaa wall of
787
::[Unknown4]: shame it had the entity name how many people were affected what was the cause
788
::[Unknown4]: and uh who did it
789
::[Unknown4]: and and
790
::[Unknown4]: usually it's gonna be
791
::[Unknown5]: and this is why people don't want to report
792
::[Unknown4]: what people don't want to report you know if five hundred people or more were
793
::[Unknown4]: affected by the breach it you can go out there
794
::[Unknown5]: yeah
795
::[Unknown4]: anytime you want to and look and see who who's doing what and this you know speaks
796
::[Unknown4]: to the credibility and the reputation of the organization with regards to their
797
::[Unknown5]: sure
798
::[Unknown4]: security
799
::[Unknown4]: processes or or lack their own
800
::[Unknown5]: yeah and that and that sometimes at least with a little bit of my personal
801
::[Unknown5]: philosophy mistakes are going to happen particularly if there's a human element
802
::[Unknown5]: involved the most rigorous process sure there being a technical control in place
803
::[Unknown5]: to prevent you from doing something something most like you're tired you're not
804
::[Unknown5]: paying attention you're doing nineteen things because you're doing the job of
805
::[Unknown5]: three people an accident's going to happen
806
::[Unknown5]: but transparency without repudiation sometimes i think you know
807
::[Unknown4]: so
808
::[Unknown5]: short of it being a gregis you know like you said five hundred people you know
809
::[Unknown5]: that needs to be out there
810
::[Unknown4]: who miss me off here
811
::[Unknown4]: you can
812
::[Unknown5]: i want to do it
813
::[Unknown4]: yeah s
814
::[Unknown5]: go ahead
815
::[Unknown4]: f i did these people too
816
::[Unknown4]: i
817
::[Unknown4]: thousand twenty two it's twenty
818
::[Unknown5]: yeah
819
::[Unknown4]: twenty two this law has been in place since two thousand no nineteen ninety six
820
::[Unknown5]: ninety six
821
::[Unknown4]: and the security regulation has been in place since two o four two o five
822
::[Unknown4]: and we're still having these issues in twenty twenty
823
::[Unknown5]: yeah
824
::[Unknown4]: two
825
::[Unknown4]: do you see what i'm saying so it's it's not
826
::[Unknown5]: oh absolutely
827
::[Unknown4]: oh we're getting around to it all we're all you know you going to work on that
828
::[Unknown5]: you know how it is you did it by now you're not doing it
829
::[Unknown4]: where have you go said
830
::[Unknown4]: what have you done
831
::[Unknown5]: but i i'd be remiss with it said not ask you know i do not know what this has
832
::[Unknown5]: evolved about covid and privacy stuff and you had worked in i know you said
833
::[Unknown5]: baltimore and public schools with some auditing can you explain a little bit of
834
::[Unknown5]: what specifically you were doing that was covid related in the in the school
835
::[Unknown5]: systems
836
::[Unknown4]: this is interesting um so i'm able to use my audit and assessment
837
::[Unknown4]: experience
838
::[Unknown4]: in another way and and push up
839
::[Unknown4]: my auditing and assessment experience and use it for covid in
840
::[Unknown4]: a situation here
841
::[Unknown4]: with this um seventy two hospital excuse me seventy two schools where they were
842
::[Unknown4]: trying to get this children back to school
843
::[Unknown4]: as opposed to having them you know take their lessons and do everything on a
844
::[Unknown4]: virtual basis so this was part of the covid initiative getting back to school face
845
::[Unknown4]: to face so you need to look we what i did was normally you know in security we're
846
::[Unknown4]: looking at standards like nest or iso or whatever here there's a group of
847
::[Unknown4]: standards that have been put in place by the school system
848
::[Unknown4]: and uh coming from the cdc coming from osha and some of the things that have been
849
::[Unknown4]: published by fda about what people needed to have in place in order for children
850
::[Unknown4]: and the teachers and other staff members of the school to be safe when they came
851
::[Unknown4]: back to school so we looked at a hand sanitizer the percent of alcohol in the sand
852
::[Unknown4]: sanitizer if they were wearing masks if they had signs up that said stand six feet
853
::[Unknown4]: apart if they were on the floor and they were actually six feet apart if they were
854
::[Unknown4]: on the walls and they were actually six feet apart looking at signs near the
855
::[Unknown4]: escalate near the elevators that said no more than so many people could be in the
856
::[Unknown4]: escalator at at any given time and then looking in the elevators excuse me
857
::[Unknown4]: elevators and seeing that there were signs in there that said six feet apart
858
::[Unknown4]: making sure that there were partitions in the various places where they were going
859
::[Unknown4]: to have people come through looking at people and how they were keeping their
860
::[Unknown4]: records associated with temperature
861
::[Unknown4]: taking as the children
862
::[Unknown5]: oh
863
::[Unknown4]: came in the school and as the staff came in school and if they exceeded their
864
::[Unknown4]: threshold which i think was ninety nine uh degrees fahrenheit at the time uh
865
::[Unknown4]: because i they had dropped it from like a hundred or or at that time if anybody
866
::[Unknown5]: got you
867
::[Unknown4]: is it that way how are they going to take that child and isolate them in a room
868
::[Unknown4]: until their parents could come and get them or arrangements could be made for them
869
::[Unknown4]: the child to be taken um and and to go home for them to go and get covid tests to
870
::[Unknown4]: get a doctor's release before they could come back to school same thing with all
871
::[Unknown4]: of the uh staff that was in the hospital so there was this list of things that
872
::[Unknown4]: they expected for these seventy two schools to do and myself and four other
873
::[Unknown4]: auditors uh did the audits for those schools and came back with a report to say
874
::[Unknown4]: how many m in compliance how many were uh and not in compliance and what the
875
::[Unknown4]: remediation pieces that needed to be done per school and then
876
::[Unknown5]: sure
877
::[Unknown4]: over yeah so that's uh what we were doing with with that particular project with a
878
::[Unknown4]: baltimore city health department i was asked to come up
879
::[Unknown4]: because of my certification with the department of homeland security
880
::[Unknown4]: to help them their recovery planning because the pandemic is considered a national
881
::[Unknown4]: disaster um
882
::[Unknown4]: disaster and it falls under
883
::[Unknown4]: the definitions of homeland security se with their disaster fema protocols so i
884
::[Unknown4]: was working with them on their recovery plans for a while until it became very
885
::[Unknown4]: apparent that
886
::[Unknown4]: recovery planning was a little bit too early
887
::[Unknown4]: to initiate because delta and acron came along
888
::[Unknown4]: and
889
::[Unknown5]: of course
890
::[Unknown4]: start up yeah
891
::[Unknown4]: so um the other people on the team were able to stay uh i was asked to stand down
892
::[Unknown4]: until they come up with a time where they're going to be doing recovery maybe i'll
893
::[Unknown4]: go back to that but it was very interesting looking at it from the perspective of
894
::[Unknown4]: a city department and then
895
::[Unknown4]: the overall department of the state of maryland how they were working together
896
::[Unknown4]: with baltimore city and how the state was working with their initiatives and then
897
::[Unknown4]: looking at the counts because people don't realize the cities are responsible for
898
::[Unknown4]: their own plans the counties are responsible for their plans if the state is
899
::[Unknown4]: responsible for their plan i mean down from the feds all right so you want to
900
::[Unknown4]: harmonize all of these plans together uh for for any type of incident for any type
901
::[Unknown4]: of disaster but they can be written in silence
902
::[Unknown4]: and so
903
::[Unknown5]: that happened to virginia
904
::[Unknown4]: right right and so when you're coming up with these emergency plans it would be
905
::[Unknown4]: nice if you could have everybody together
906
::[Unknown4]: and
907
::[Unknown5]: need some more tabletop exercises it sounds like that happens around this
908
::[Unknown4]: more people stop talking starbucks whatever it takes to get people together
909
::[Unknown4]: so i mean because that's one of the things that's coming out of this whole
910
::[Unknown4]: pandemic is people did uh pandemic planning back in uh two thousand nine two
911
::[Unknown4]: thousand ten for them but then they less alone so then they hadn't looked at their
912
::[Unknown4]: pandemic plan
913
::[Unknown5]: go ahead
914
::[Unknown4]: for years so then this one comes along and this one is uh a worldwide pandemic um
915
::[Unknown4]: so
916
::[Unknown5]: right
917
::[Unknown4]: there's a lot of more moving parts that went along with this pandemic than it did
918
::[Unknown4]: with the one for two thousand nine two thousand ten so um many of the
919
::[Unknown4]: things that we have to look at for covid in terms of preparation and going forward
920
::[Unknown4]: because some people
921
::[Unknown4]: are g covid is not over
922
::[Unknown4]: people feel like it's over and everybody's kind of covered weary even the planners
923
::[Unknown4]: are covet weary but we was we're not at the point
924
::[Unknown5]: what
925
::[Unknown4]: you you know we can just throw everything away and say we declared that the
926
::[Unknown4]: pandemic
927
::[Unknown4]: when the
928
::[Unknown5]: i de this sounds like my michael scott remember from the office i declared
929
::[Unknown5]: bankruptcy
930
::[Unknown4]: a right exactly exactly see you got these human beings went around saying we're
931
::[Unknown4]: tired we're declaring that this pandemic is over it's not anywhe to see anymore
932
::[Unknown4]: and the virus is going to say
933
::[Unknown4]: well you know you know let's let let's see about that you know
934
::[Unknown4]: so which have necessarily we can maybe scale down the emergency response um but we
935
::[Unknown4]: still need to be on our ps and cues when it comes to
936
::[Unknown4]: um maybe learning to live with it like we have done with uh influenza uh so
937
::[Unknown5]: at be great
938
::[Unknown4]: that you right becomes more of an endemic type of process as opposed to this big
939
::[Unknown4]: emergency there's been big pandemic type of issue
940
::[Unknown4]: so
941
::[Unknown5]: right
942
::[Unknown4]: story is still out on that we hasn't been closed yet
943
::[Unknown5]: well awesome well i greatly appreciate your time i clearly know who if i have
944
::[Unknown5]: hipaa questions who i'm going to first and who anybody listening to this needs to
945
::[Unknown5]: go to a first unquestionably if anybody wants to you know reach out acquire how to
946
::[Unknown5]: work with you follow you what's the best way for them to do that
947
::[Unknown4]: um they can reach me at uh info at ingram in associates dot com and that's
948
::[Unknown4]: ingram my last name is that a little n
949
::[Unknown4]: for a and d so it's a little in associates dot com
950
::[Unknown4]: they can look at my website at www dot
951
::[Unknown4]: ingram and associates com or you can find me on linkedin by my first and last name
952
::[Unknown4]: sybil england
953
::[Unknown5]: and i will make sure to have those links in the show notes for sure
954
::[Unknown4]: yes
955
::[Unknown5]: and again i really appreciate time this has been fun it's been an enlightening and
956
::[Unknown5]: uh i agree again i can't thank you enough for spending the last hour with me
957
::[Unknown4]: well you know regulations doesn't have to be boring and
958
::[Unknown5]: no
959
::[Unknown4]: a lot of people think
960
::[Unknown5]: maybe
961
::[Unknown4]: this out of right yeah what the pif was presenting
962
::[Unknown4]: you're bored it's gonna be bored you know i
963
::[Unknown5]: yeah
964
::[Unknown4]: don't consider myself s bored and i mean it's it's a lot of this is just kind of a
965
::[Unknown4]: common sense of type of stuff but you learn over the years the more technical
966
::[Unknown4]: aspects of it and how to present it i know the lawyer started talking about hipaa
967
::[Unknown4]: being healthy income paying prepared uh attorneys and so that's what hipaa stood
968
::[Unknown4]: for them uh
969
::[Unknown5]: first
970
::[Unknown4]: and um or paying aware attorneys and so they they would make with jokes about it
971
::[Unknown4]: but i can talk about this anytime and act to talk
972
::[Unknown5]: awesome
973
::[Unknown4]: about up thank too jo
974
::[Unknown5]: yeah what figure that out for another episode that
975
::[Unknown4]: yes
976
::[Unknown4]: one well thank
977
::[Unknown5]: thanks again
978
::[Unknown4]: you for me i really appreciate it and
979
::[Unknown5]: yeah
980
::[Unknown4]: again i i'm not blushing as much right now but i'm still very flattered and very
981
::[Unknown4]: honored this is a privilege for me to do this for you and willing to do it anytime
982
::[Unknown5]: i appreciate it
983
::[Unknown4]: okay