Episode 114

Dr. Sybil Ingram: What we get wrong about HIPAA!

Dr. Sybil Ingram is a successful and respected governance, management and technology professional with significant expertise in various information security and quality audits and assessments (domestically and internationally), quality management systems, risk management, privacy/security challenges and information systems solutions. With over twenty years of professional experience, she is one of the nation's foremost champions and active consultants for the HIPAA regulations and implementation challenges. She has held key positions with industry leaders such as iPatient Axis, McKesson, Johnson & Johnson, Abbott Laboratories, Boston Scientific, Amgen and the Centers for Disease Control and Prevention (CDC). In addition, Dr. Ingram is nationally board certified by the American Society of Clinical Pathologists, a member of the international scientific and engineering society. She is an inventor and held a patent [pending] with the United States Patent & Trademark Office (USPTO).

Ingram and Associates

Cyber Security Forum Initiative

https://www.linkedin.com/in/possybilities/

Dr. Sybil's Website

On this episode, Dr. Ingram discusses with John:

1) The research they did together with Cyber Security Forum Initiative as it pertains to the current situation in Russia and Ukraine

2) Dr. Ingram's background transitioning from clinical to HIPAA expert

3) The power of having good mentors

4) In the time of Covid, what the public gets wrong with HIPAA

5) Dr. Ingram's work assisting COVID audits


Listen to full episodes on your favorite podcast platform or by visiting: https://podcast.thebusinesssamurai.com

To work with John Barker and Barker Management Consulting ► https://barkerleadership.com

Follow John Barker at:

🐦Twitter ► https://twitter.com/johnbarker78

🌎 LinkedIn ► https://www.linkedin.com/in/johnbarke...

🔴 Instagram ► https://www.instagram.com/johnbarker78/

Transcript

[Unknown5]: welcome to the business samurai podcast i'm your host john barker got another

[Unknown5]: fantastic episode today got doctor sybil ingram she is a successful and respected

[Unknown5]: governance

[Unknown4]: yeah

[Unknown5]: management and technology professional with significant expertise with various

[Unknown5]: information security and quality audits and assessments domestically and

[Unknown5]: internationally specialized in quality management systems risk management privacy

[Unknown5]: security challenges and information system solutions with over twenty years of

[Unknown5]: professional experience she is one of the nation's foremost champions and active

[Unknown5]: consultants for the hipaa regulations and implementation challenges she has held

[Unknown5]: key positions with industry leaders such as ipi access mckesson johnson and

[Unknown5]: johnson abbott laboratories boston scientific amgen and the centers for disease

[Unknown5]: control and prevention the cdc in addition dr inm is nationally board certified by

[Unknown5]: the american society of clinical pathologist a member of the international

[Unknown5]: scientific and engineering society she is an inventor and held a patent pending

[Unknown5]: with the united states patent and trademark office she has a phd in health science

[Unknown5]: and medical ethics mba and information systems program management and a ba in

[Unknown5]: medical technologies doctor ingram that is a very impressive resume and thank you

[Unknown5]: for taking the time to talk to me today

[Unknown4]: not pro i io

[Unknown4]: i'm blushing and i know you really can't tell but whenever somebody reads my bio

[Unknown4]: um part of me says yes yes i i actually did that i did that

[Unknown5]: you you did all that stuff exactly

[Unknown4]: i know it's i don't know you know and and it just i'm flattered that you would

[Unknown4]: have me on your show uh number one uh number two i wish you much much success with

[Unknown4]: this endeavor and i want to definitely try to make it worth you a while to invite

[Unknown4]: me to be um

[Unknown4]: with you on your show today

[Unknown5]: no i i again i appreciate it uh for everyone listening or if you're having to

[Unknown5]: watch any of this on uh the youtube channel first met dr ingram on a project that

[Unknown5]: we did volunteer

[Unknown4]: oh

[Unknown5]: for the cybersecurity for initiative a little over a year ago we worked on it for

[Unknown5]: about three months

[Unknown4]: one

[Unknown5]: and it's actually where i kind of want to start kind of a jumping off point before

[Unknown5]: we go into hipaa and privacy and all the stuff that your career has basically been

[Unknown5]: around

[Unknown4]: is there

[Unknown5]: because i felt like the the csi project that we worked on on information warfare

[Unknown5]: relevant to current events as we're as we're currently recording this right now in

[Unknown5]: march of twenty twenty two you've got the russia creating invading ukraine and a

[Unknown5]: lot i know there was other subsets of our team members that i think actually focus

[Unknown5]: specifically on those areas i know i was on

[Unknown5]: china and taiwan and the

[Unknown4]: what

[Unknown5]: relationship with there but how information misinformation disinformation really

[Unknown5]: you know affects perspective and in the world so i kind of want to get your take

[Unknown5]: after you've went you know you went through that you were i believe the overall

[Unknown5]: project manager for that program and had a lot more visibility to the whole thing

[Unknown5]: but get your thoughts on what you learned during that experience

[Unknown5]: working working that project

[Unknown5]: to current events today

[Unknown4]: well yes i i when we don't want to be remiss in terms of mentioning a dikes

[Unknown4]: with the

[Unknown5]: great

[Unknown4]: css she was the project management liaison

[Unknown4]: us and our team as well as with us si no yeah c fs uh excuse me and um that was

[Unknown4]: one of the most um exciting projects even though i pulled out some of my lots in

[Unknown4]: the process of working on the

[Unknown4]: that i've ever worked on in my life the content of the subject matter was very

[Unknown4]: informative it was very timely i believe at one point we had about twenty two

[Unknown4]: people on our team um

[Unknown5]: sounds about right

[Unknown4]: would come and go you know based on what we needed at the project at the

[Unknown4]: particular time the subject matter expertise that we needed for different

[Unknown4]: countries for different nation states for different technologies that the

[Unknown4]: different nation states could

[Unknown4]: potentially use in water to siphon off information from another nation state or

[Unknown4]: just uh you know and we did a little bit of a a a dive into the uh dark hat world

[Unknown4]: with uh hackers and what actors could do and how that information could be used um

[Unknown4]: in an in the various waves uh against uh other countries

[Unknown4]: and how governments were going to be getting into the use of the information if

[Unknown4]: they were privy to it we could look at some of the abc agencies and

[Unknown4]: here as well as agency agencies that they have in other countries that are

[Unknown4]: counterparts to ours and how they would use that information so

[Unknown4]: with our team

[Unknown4]: being uh a domestic team as well as an

[Unknown5]: yeah

[Unknown4]: international team because we had people in nigeria amsterdam we had people in

[Unknown4]: spain we had people in greece i believe

[Unknown4]: all the different type

[Unknown5]: this to be in france on ours

[Unknown4]: yeah yeah yeah that

[Unknown5]: yep

[Unknown4]: that's true that someone in france um working that project

[Unknown4]: getting everybody together on one patient

[Unknown4]: um

[Unknown4]: thinking with one voice about information warfare

[Unknown4]: from all the different perspectives that we we were challenged with

[Unknown4]: the project was for us to develop of course

[Unknown4]: that was going to cover nine different modules and those

[Unknown5]: yeah

[Unknown4]: nine different modules looked at all the different areas associated with nation

[Unknown4]: state

[Unknown4]: issues as well as

[Unknown4]: the history of information warfare we uh looked at some of the challenges that

[Unknown4]: would be presented to our government our congress

[Unknown4]: and so whenever uh pos uh releases that i would definitely encourage people to go

[Unknown4]: ahead and look at the product that we produced last year he has things scheduled

[Unknown4]: and so um it's good that he does things early on but that the topic content

[Unknown4]: subject matter as well as working with a group that i'd never worked with before

[Unknown4]: we didn't know each other um uh being able to pull that off and pull off well i

[Unknown4]: was what one of my biggest achievements in my career whether it was on a voluntary

[Unknown4]: basis or not

[Unknown5]: no and it and you know speaking of you know i think i i was there in the beginning

[Unknown5]: i believe

[Unknown4]: one

[Unknown5]: it was a lot i think i think for me a lot of the content that i was privy to

[Unknown5]: because we

[Unknown4]: oh

[Unknown5]: had a lot of people that that worked in pretty high levels of government in some

[Unknown5]: of the some of the three letter agencies

[Unknown4]: well

[Unknown5]: and what we're seeing now i think with and i'm going to tie this back into the

[Unknown5]: ukraine and russia

[Unknown4]: yes

[Unknown5]: is what jim polo and i and

[Unknown5]: we had talked about before with a gray zone escalation you know where do these

[Unknown5]: things that are not necessarily military you know the cyber warfare actually will

[Unknown5]: evolve itself into boots on the ground type of situation

[Unknown4]: s

[Unknown5]: and we're seeing and you know just a little bit that i've seen on the news anyway

[Unknown5]: seems like you know those attacks are the cyber attacks are increasing

[Unknown4]: yes

[Unknown5]: are we going to is they going to cross a threshold at some point where this

[Unknown5]: becomes they somebody's hit

[Unknown4]: what

[Unknown5]: a major critical infrastructure electric power grid you know something along that

[Unknown5]: line that's going go okay we're not just gonna fight back cyber we're gonna you

[Unknown5]: know start lobbing bombs literally over there and i don't know if that was

[Unknown5]: something in you know if you agree with that or based on the research that you

[Unknown5]: that we did i mean we did this for months and months on end

[Unknown4]: right

[Unknown4]: if you've been listening to alternative news sources

[Unknown4]: and maybe some of mainstream media but mostly alternative news sources that have

[Unknown4]: not been censored the

[Unknown4]: if we're at the death time level associated with the potential nation state cyber

[Unknown4]: attack coming from that direction over here we're maybe about a def con three

[Unknown4]: point five

[Unknown4]: i think

[Unknown5]: okay

[Unknown4]: four is the highest right and so uh a lot of people are you know all the things

[Unknown4]: that we ask for people to do in information security and cybersecurity in terms of

[Unknown4]: hardening their systems

[Unknown5]: oh

[Unknown4]: against a potential cyber attack all of a sudden everyone is running around and

[Unknown4]: and trying to do that because um the war is real what's happening between russia

[Unknown4]: and ukraine is real um it's no longer gone from a conspiracy therapy theory to

[Unknown4]: being a uh definitely a credible threat

[Unknown4]: even though it let's say that um the president

[Unknown4]: of russia hasn't necessarily come out and state of that there are other people

[Unknown4]: that are close very close to the situation

[Unknown4]: that have been saying this that if something like this were to occur this

[Unknown4]: incursion right now that we're having between ukraine and uh russia that we could

[Unknown4]: expect

[Unknown4]: a cyber security attack and for that people need to be prepared for and it's no

[Unknown4]: longer something theoretical or hypotheticals something that is very real and

[Unknown4]: could happen and has been threatened to occur

[Unknown4]: during this incursion so

[Unknown4]: heads up to anyone who happens to be listening to this on this particular day if

[Unknown4]: you haven't started hardening your systems um is better late than ever but you

[Unknown4]: need to do it now

[Unknown5]: no not i totally agree with uh with with all those comments and we we had chuck

[Unknown5]: brooks on not sure if you're familiar with chuck brooks or not but um you know

[Unknown5]: big you know

[Unknown4]: trees

[Unknown5]: thinker in the in the space and and he believes that stuff like happened with

[Unknown5]: colonial pipeline last year and now you've got this situation now has really made

[Unknown5]: this kind of a mainstream topic because now you're looking at things that are

[Unknown5]: targeting you know

[Unknown5]: the typical person at home versus strategic government or universities or

[Unknown5]: businesses that are at threat is starting to affect people in their houses and

[Unknown5]: their homes

[Unknown4]: well we have a

[Unknown5]: but

[Unknown4]: lot of off topic excuse me soft targets over here

[Unknown5]: yep

[Unknown4]: and you know with me being in health care health care is definitely a soft target

[Unknown4]: health care needs to be open for a variety of reasons in terms of sharing

[Unknown4]: information back and forth between people

[Unknown4]: and uh unfortunately um

[Unknown4]: in the process of having to be so open it's it's very soft schools are soft

[Unknown4]: targets you know

[Unknown5]: uh

[Unknown4]: i'm hoping that our utilities are not uh soft targets i'm hoping that they become

[Unknown4]: as hardened as as they can uh become and there's no reason why um there shouldn't

[Unknown4]: be more funding allocated to make sure that our infrastructure over here does not

[Unknown4]: suffer what the colonial pipeline people have suffered the other thing that i

[Unknown4]: wanted to mention and

[Unknown5]: like

[Unknown4]: man cause it just kind of came to my head while while we were talking about this

[Unknown4]: subject you know the magician has you look at the hand over here

[Unknown4]: while he's really doing something

[Unknown4]: so you know if if we're just looking at russia and ukraine brushing ukraine

[Unknown4]: russian

[Unknown5]: right

[Unknown4]: we need to maybe kind of look over here a little bit at one of the countries

[Unknown4]: that's notorious for nation state

[Unknown4]: incidents and it starts with a dix c and ends her

[Unknown4]: and um

[Unknown4]: um you know this is a a good time while people are distracted over

[Unknown5]: yeah

[Unknown4]: here for them to just come swooping in with uh some of the things that they

[Unknown4]: typically do and who's gonna get the blame are we going to blame russia we're

[Unknown4]: probably not gonna brain blame excuse me ukraine but russia will probably come up

[Unknown4]: first because of all those back and forth and back and forth and rhetoric and you

[Unknown4]: know what's going on when actually we need to look at the big c and the the a

[Unknown4]: people doing things or you know there's a a couple of others that we could be

[Unknown4]: looking at as well but we need to keep a swivel on at all times right now

[Unknown4]: because the distraction is very real and a distraction will cause us

[Unknown4]: to not be on a point where we need to be so we need to keep all the three sixty

[Unknown4]: well

[Unknown5]: in some the video game i played we called that third teaming you're in that heavy

[Unknown5]: firefight with the first team and the third team comes out and knocks you out so

[Unknown4]: yeah that's

[Unknown4]: that's exactly right

[Unknown5]: yeah so let's let's pivot you mentioned you mentioned health care let's get into

[Unknown5]: kind of your area of expertise what you've been doing i believe

[Unknown5]: twenty two years

[Unknown4]: good

[Unknown5]: with hipaa regulations give

[Unknown4]: no

[Unknown5]: us a little bit of your background how did you get involved at that this high of a

[Unknown5]: level uh with with hipaa because it's been i believe the what it became law

[Unknown5]: nineteen ninety six

[Unknown4]: nineteen ninety six word uh was uh affected into law

[Unknown5]: okay

[Unknown4]: by president clinton at that time

[Unknown4]: you know how did i get here

[Unknown5]: yeah

[Unknown4]: i laugh at myself i you know and and that's a question that i ask myself on on a

[Unknown4]: regular basis because as a little girl this is not what i thought that i was going

[Unknown4]: to be doing

[Unknown4]: as a young woman i this is definitely not what i thought i was going to be doing

[Unknown4]: and as a as a pretty middle

[Unknown4]: woman you know professional woman this is still not what i thought i was going

[Unknown4]: um but i what i will say is i've enjoyed the journey i've i've enjoyed the journey

[Unknown4]: from going from uh

[Unknown4]: a clinical background research background a patient care background into health

[Unknown4]: care information systems where i learned about security information security at

[Unknown4]: that time to going and working with different consulting firms being a director

[Unknown4]: with uh a couple of different companies

[Unknown4]: and then

[Unknown4]: right after the y two k initiative of trying to make sure that no planes fell out

[Unknown4]: of the air at midnight when we

[Unknown5]: and she

[Unknown4]: turn for the next century are being thrown immediately immediately

[Unknown4]: in two thousand into hipaa and so uh i remember i went to about sixteen different

[Unknown4]: uh

[Unknown4]: um conferences trying to figure out what this thing was you know trying to make

[Unknown4]: sure that it wasn't a hippopotamus that was being put on

[Unknown5]: yeah

[Unknown4]: here

[Unknown4]: and uh the uh hippopotamus is definitely

[Unknown4]: what it turned out to be in terms of it being a mascot

[Unknown4]: for for hip and people misspelling it all the time and and that type of thing but

[Unknown4]: uh i was fortunate to have uh very good uh mentors at that time um bill bigh wave

[Unknown4]: was one of the authors of hipaa and he took me under his wing

[Unknown5]: no

[Unknown4]: uh during that time and i was able to shadow him on many of those conferences and

[Unknown4]: um just have many uh talks with him uh another one was attorney alan goer mentored

[Unknown4]: me quite well from a the attorney's perspective because the attorneys

[Unknown4]: specifically when it came to the privacy portion of the regulation really jumped

[Unknown4]: on it at that time because it moved from edr to privacy to security and so there

[Unknown4]: was

[Unknown5]: yeah

[Unknown4]: another gentleman by tom hanks that worked with me and beacon partners

[Unknown4]: and tom hired me and then about eight weeks later um he left he was considered one

[Unknown4]: of the leaders uh the futurist in hip at that time and had about twelve different

[Unknown4]: um presentations lined up for him to give

[Unknown4]: and what happened was when he left they put me in his spot so

[Unknown5]: go

[Unknown4]: twelve people who are expecting this futurist to come along that they had been

[Unknown4]: talking to to years just in and chat and here i show up giving the presentation so

[Unknown4]: you know uh that which doesn't kill you makes you stronger

[Unknown4]: and uh uh i was able to learn very quickly and come back and get back with people

[Unknown4]: where i couldn't answer a question very quickly with them within the next forty

[Unknown4]: eight hours and just have that level of discipline and rigor about this particular

[Unknown4]: law now it's morphed as you know over the years

[Unknown4]: the business associates in the beginning did not have to be compliant with

[Unknown4]: regulation only covered entities and i mean this there is whole issue about you

[Unknown4]: know what's a covered entity it's just the law is very clear it's very clear it's

[Unknown4]: um people providers um insurance companies that type of thing you have health care

[Unknown4]: clearing houses primarily but it basically talks about those people that need to

[Unknown4]: send um

[Unknown4]: information

[Unknown4]: electronically and we're talking about the claim from a health care encounter

[Unknown4]: people who send claims electronically to insurance companies electronically as pot

[Unknown4]: of paper those people have to be hipaa compliant it's no more than that so people

[Unknown4]: will always try to run around and figure out well do i have to be compliant to to

[Unknown4]: be look at this little definition i hear it

[Unknown4]: not that big and the operative word

[Unknown5]: i

[Unknown4]: of this definition is electronic so if

[Unknown5]: yes

[Unknown4]: you f if you do that you know yeah you have to do this so then when the business

[Unknown4]: associates coming along especially when you look in the transcription area where a

[Unknown4]: lot of the transcription was going out of country

[Unknown4]: and um where doctors would dictate you know a

[Unknown5]: yep

[Unknown4]: procedure during the day um they would have somebody to transcribe it out of

[Unknown4]: country at night and then seven o'clock the next morning six o'clock the next

[Unknown4]: morning they were come in and everything's already tied down and ready for them

[Unknown4]: there was no way to hold those people accountable

[Unknown4]: right because they weren't uh in the us should a breach occur out of the country

[Unknown4]: so that put in two thousand nineteen with the uh omnibus act with a hipaa ha tech

[Unknown4]: act when they made business associates accountable and having to be

[Unknown4]: hipaa compliant with at least the security and privacy rules that changed a lot in

[Unknown4]: terms of the perspective of oh i'm a business associate i don't really have to do

[Unknown4]: anything k not yeah now you do and you're a business associ she'd buy another very

[Unknown4]: small definition you know if you're receiving or doing something for on the behalf

[Unknown4]: this covered entity up here that makes with protected health information that

[Unknown4]: makes you a business associate and so

[Unknown4]: i people laugh at me all the time because i'm batus walking encyclopedia of hipaa

[Unknown4]: and

[Unknown5]: we couldn't tell i couldn't tell by listening to that

[Unknown4]: yes i i have to laugh at myself but

[Unknown4]: and i do you know i i take my work very seriously but i don't take myself very

[Unknown4]: seriously and um yeah but i i've seen hipaa weaponized

[Unknown4]: s a you know over these years well people in the hospitals or at the doctor's

[Unknown4]: office or at the pharmacies or whatever we'll use hipaa as this weapon like

[Unknown4]: no i'm not gonna give you do this because hipaa told me

[Unknown4]: or him and i'm looking around for you know the sentient being that hipaa has

[Unknown4]: become

[Unknown4]: it's taken on a life of its own well i can't do this as this i can do so and it

[Unknown4]: really beat me being in the field and and knowing that that's not true um i at

[Unknown4]: first i would try to correct people

[Unknown4]: and then i said now

[Unknown4]: let me just speak to your supervisor

[Unknown4]: that your supervisor supervisor

[Unknown4]: you know if we're gonna have this little fight i'm not gonna have a fight with you

[Unknown4]: i'm not gonna have a fight with a person that believes that hipaa is a levy

[Unknown4]: breathing soul

[Unknown4]: with tea

[Unknown5]: so

[Unknown5]: let me preface the my longer question based on how you answer the most of the

[Unknown5]: place you're working with are you walking with clearly it's like bigger

[Unknown5]: organizations bigger corporations in the medical industry or larger hospitals

[Unknown5]: versus the private practice areas

[Unknown4]: no

[Unknown5]: the smaller doctors

[Unknown4]: anybody who sends claims electronically so i could

[Unknown5]: no no i mean you specifically

[Unknown4]: yeah me i've i've worked a gamut

[Unknown5]: so how

[Unknown4]: yeah i'm mostly larger organization though but i've had some private clients where

[Unknown4]: they're won dock shops yeah

[Unknown5]: sure so one of the things that's been happening in the medical industry over the

[Unknown5]: last several years as a mass consolidation you know there's a lot of private

[Unknown5]: practices that are going out the

[Unknown4]: well

[Unknown5]: ones that are there have to tie in into the uh you know into the large hospital

[Unknown5]: because you know they go through surgery so they're going to you know

[Unknown5]: electronically electronically transmit you know to to the surgery centers or to

[Unknown5]: the main hospital to do work

[Unknown4]: right

[Unknown5]: how has that affected uh you know enforcement you know between the the the private

[Unknown5]: doctors because i've went into some that literally

[Unknown5]: they're not adhering to anything

[Unknown5]: and then i'm going hold up your entry point into the hospital you've got all this

[Unknown5]: stuff tied into there

[Unknown4]: no what

[Unknown5]: do you think that this will kind of harden the systems up a little bit as we're

[Unknown5]: getting consolidation has it been a problem transferring records around how do you

[Unknown5]: think that's affected the industry from a security standpoint with this mass

[Unknown5]: consolidation

[Unknown5]: as the larger companies are sucking them up

[Unknown4]: well this is okay so it depends on how they're being required um

[Unknown4]: if that smaller practice is being acquired um

[Unknown4]: and they're going to be considered employees of the larger organization

[Unknown4]: then the larger organization can go ahead and impose their expectations of

[Unknown4]: policies and procedures

[Unknown4]: software interfaces

[Unknown4]: h seven standard mapping

[Unknown4]: et cetera et cetera et cetera back and forth you know to the hospital or to the

[Unknown4]: larger organization like a health care insurance company

[Unknown4]: if the smaller practices is still just going to be considered a contracted server

[Unknown4]: contracted service to the hospital or to the ambulatory care uh surgery center or

[Unknown4]: something like that then they have no way of enforcing

[Unknown4]: this uh person over here to make sure that they have their policies and procedures

[Unknown4]: that they've gone through their security their privacy and they've done their risk

[Unknown4]: analysis per hipaa they can't do that um

[Unknown4]: unless they have it in the contract

[Unknown4]: that you will be hipaa compliant per forty five cfr r one six sixty one hundred

[Unknown4]: sixty four i mean it has to be so the only way that the larger organization can

[Unknown4]: enforce it upon the small organization is contractual okay and so one of the

[Unknown4]: things that the large organization needs to do as a part of their due diligence if

[Unknown4]: they're going to be working with this other entity is to go

[Unknown5]: yeah

[Unknown4]: in there and make sure that they have their policies and procedures to make sure

[Unknown4]: that they've done their risk analysis make sure that all their people have been

[Unknown4]: trained i mean that there's just some basic things that they need to do as a part

[Unknown4]: of their due diligence during the contract phs that's the only way that they can

[Unknown4]: you know they don't they cannot dictate the emr ehr that these people are going to

[Unknown4]: use over here but what

[Unknown5]: sure

[Unknown4]: they can say is in order for your information to come our way it needs to come

482

::

[Unknown4]: over here in this format

483

::

[Unknown4]: it can be usually it's gonna be hl7 um or if if we're going to be going to

484

::

[Unknown4]: the insurance companies then it needs to be ansi x12 fifty and fifty ten i

485

::

[Unknown4]: believe fifty fifty fifty and fifty yeah fifty and fifty ten are the

486

::

[Unknown4]: new standards for the need to go back and forth if you're going to the insurance

487

::

[Unknown4]: company so there's ways that it can be enforced it just depends on if this entity

488

::

[Unknown4]: is a contractor or if this people if the people over here have been grabbed and

489

::

[Unknown4]: are now an employee of the large organization over the years

490

::

[Unknown5]: the reason i bring that up is because when we talk about security we talk about

491

::

[Unknown5]: supply chain issues all the time and who your partners are who your vendors are

492

::

[Unknown5]: and i tell you a story i

493

::

[Unknown4]: okay

494

::

[Unknown5]: am obviously nowhere near as in depth with this but this is an experience that i

495

::

[Unknown5]: had several years ago this practice is has been bought out but i was brought in to

496

::

[Unknown5]: do an initial overall hipaa assessment

497

::

[Unknown4]: oh

498

::

[Unknown5]: and walking into the

499

::

[Unknown5]: i laugh a little bit just thinking about this

500

::

[Unknown4]: yeah

501

::

[Unknown5]: i walk into an environment where every piece of data everything circumvented the

502

::

[Unknown5]: firewall within the facility

503

::

[Unknown4]: well

504

::

[Unknown5]: it wasn't in place

505

::

[Unknown5]: and that the guest wi-fi if you were sitting in the lobby was on the same you know

506

::

[Unknown5]: basically the same network you could access the server if you knew what you were

507

::

[Unknown5]: doing or sitting in the parking lot everything was totally accessible and it was

508

::

[Unknown5]: happened to be tied into the hospital that was sitting in the same parking lot

509

::

[Unknown4]: well

510

::

[Unknown5]: and i didn't know you know and and i and i've been curious of if the hospital for

511

::

[Unknown5]: instance knew about that would they

512

::

[Unknown4]: one

513

::

[Unknown5]: sit there and go oh up we got to cut you off because you're putting us at risk

514

::

[Unknown5]: from us maintaining our thing

515

::

[Unknown4]: what

516

::

[Unknown5]: so that how does an enforcement work in a in a situation like that

517

::

[Unknown4]: what is constant polling and trolling in the background i mean if you have um if

518

::

[Unknown4]: you're not logging events um if you're not

519

::

[Unknown5]: uhhuh

520

::

[Unknown4]: logging events to your cctv if you're not having somebody look at the cctv

521

::

[Unknown4]: even looking somebody uh looking and checking the logging events of people

522

::

[Unknown4]: entering

523

::

[Unknown4]: where they're badging in and out if you're not looking to see if people are

524

::

[Unknown4]: carrying things in and out i mean like that's the part of that's on the technical

525

::

[Unknown4]: side of uh

526

::

[Unknown5]: sure

527

::

[Unknown4]: some of it's on the physical side

528

::

[Unknown4]: of the security rule in hipaa so it's just a matter of people you know it's what

529

::

[Unknown4]: i'm finding john is that people feel like

530

::

[Unknown4]: it's a one and done type of deal okay

531

::

[Unknown5]: unfortunately

532

::

[Unknown4]: i'm

533

::

[Unknown5]: that's and that's in unfortunately a lot of the in industry cyber we're there

534

::

[Unknown4]: like right i've b it

535

::

[Unknown5]: for the second maybe

536

::

[Unknown4]: right i've done it i it was painful i don't feel like dealing with it anymore but

537

::

[Unknown4]: i've done it and then an incident comes along and then people wonder you know well

538

::

[Unknown4]: how did that happen because i set up all these things in place to make sure that

539

::

[Unknown4]: it didn't happen well did you test it did you test what you implemented was what

540

::

[Unknown4]: you implemented effective when you tested it if if you if you didn't test it then

541

::

[Unknown4]: that's why you had a problem if you did test it and you found out that it wasn't

542

::

[Unknown4]: effective then why don't you come up with another solution if you're supposed to

543

::

[Unknown4]: have people monitoring these things

544

::

[Unknown4]: then and they're not telling you

545

::

[Unknown4]: then you've got you know some problems there with people not

546

::

[Unknown5]: yeah

547

::

[Unknown4]: reporting that there's an issue that's why you know you go in and and you saw

548

::

[Unknown4]: all those things and but but nobody's saying anything

549

::

[Unknown4]: probably because they think john's looking at it or terry's looking at or you know

550

::

[Unknown4]: jim you're supposed to be doing that over there and then you get this you know

551

::

[Unknown4]: point you know the story about when you point one finger up you've got three

552

::

[Unknown4]: fingers pointing back at yourself and so it it's just a matter of

553

::

[Unknown4]: not adopting the mindset of that putting things together is one and done when it

554

::

[Unknown4]: comes to security

555

::

[Unknown4]: that security has to be all monitored all the time and that you need to to look at

556

::

[Unknown4]: it more than once a year even you know people say go ahead and look at your

557

::

[Unknown4]: policies and procedures annually but you need to look at your process it's no less

558

::

[Unknown4]: no less than every ninety days um to make sure that you know they're working um i

559

::

[Unknown4]: don't know how many times i have to talk to people about patch management

560

::

[Unknown4]: you know

561

::

[Unknown5]: really okay

562

::

[Unknown4]: why why is it that i'm having to talk to you about making sure that you know

563

::

[Unknown4]: you've got the most update patches on whatever software or firmware that you're

564

::

[Unknown4]: working with and why is it that i

565

::

[Unknown5]: what you

566

::

[Unknown4]: need to talk to you about the fact that it probably needs to be done in sequence

567

::

[Unknown4]: when you patch because you can't patch in you haven't patched abc and d yet so that

568

::

[Unknown4]: it

569

::

[Unknown5]: yeah i was i was gonna clarify for people listening if they didn't know what that

570

::

[Unknown5]: meant like he al up you haven't patched in nine months don't start with the new one

571

::

[Unknown5]: and don't wait nine months

572

::

[Unknown4]: well no we're not trying to make a baby ah you know

573

::

[Unknown5]: no

574

::

[Unknown4]: we're trying to keep safe stay secure and stay functional stay up you know at any

575

::

[Unknown4]: given time we don't want to bring ourselves down you know when we've got this

576

::

[Unknown4]: fence and we've got they're building all these firewalls the last person that you

577

::

[Unknown4]: want to employ your system is yourself or your organization

578

::

[Unknown5]: right

579

::

[Unknown5]: do you find that you know a lot of people consider security it's a you know it's a

580

::

[Unknown5]: cost center but now

581

::

[Unknown5]: are you finding a lot of the organizations are they trying to just get by with the

582

::

[Unknown5]: bare minimum or they really take it seriously now with ransomware increases threat

583

::

[Unknown5]: vectors are much more with the more devices you know your surface detect area is

584

::

[Unknown5]: way broader than it used to be particularly there's things in in the medical

585

::

[Unknown5]: industry that i don't think people even think about you know we always think about

586

::

[Unknown5]: your

587

::

[Unknown4]: oh

588

::

[Unknown5]: computers or your phones but look at all the medical devices that may you know

589

::

[Unknown5]: they're probably i'm gonna call them iot devices internet of things

590

::

[Unknown4]: they are yeah

591

::

[Unknown5]: devices for a lack of a better term time but

592

::

[Unknown4]: yeah

593

::

[Unknown5]: do you find that the hospitals really do make an effort of this or is this just

594

::

[Unknown5]: trying to get and i used the term hospitals broadly i didn't mean that but

595

::

[Unknown4]: yeah i understand

596

::

[Unknown5]: but um do you find that it really is the security of the information the data you

597

::

[Unknown5]: know because there's a physical risk here if something happens on top of just

598

::

[Unknown5]: data leakage data people stealing data

599

::

[Unknown4]: so what i i would say is

600

::

[Unknown4]: health care um who has a tendency to be slow adopting certain things um

601

::

[Unknown4]: health care really needs to have very strong ctos and cisos chief information

602

::

[Unknown4]: security officers when they had at

603

::

[Unknown5]: yeah

604

::

[Unknown4]: a minimum a very strong chief information security officer that is very vocal

605

::

[Unknown4]: um and is the i don't wanna say a control freak or anything like that but is has

606

::

[Unknown4]: developed those relationships in the organization where anything that comes in

607

::

[Unknown4]: that may connect to the internet i need to know about it

608

::

[Unknown4]: and please let me evaluate it so that i can keep it secure for either the

609

::

[Unknown4]: organization or the patient that is you're going to put this medical device into

610

::

[Unknown4]: that is going to be sending data back to their primary physician or back to you

611

::

[Unknown4]: know the health care organization please let me be a part of that decision

612

::

[Unknown4]: when the cto cio the ciso or whatever is not involved at that level

613

::

[Unknown4]: then you're going to have leakages occur across the organization

614

::

[Unknown4]: and all of that can be prevented if they are brought in early on in the decision

615

::

[Unknown4]: making process

616

::

[Unknown4]: they need to be a part of every panel of every medical device is being brought in

617

::

[Unknown4]: whether the device is class one class two class three per fda

618

::

[Unknown4]: categorization with class three being implantable

619

::

[Unknown4]: so the um my just my short answer that is the stronger

620

::

[Unknown4]: those people are and the more that the organization embraces bringing them into

621

::

[Unknown4]: the decision making process the better everything is going to be in terms of

622

::

[Unknown4]: securing the information that's going to be going back and forth between i mean

623

::

[Unknown4]: because it could be hacked at any given time and that's one of the issues that

624

::

[Unknown4]: people are talking about in health care particularly with uh medical devices that

625

::

[Unknown4]: have rfid uh implanted into them

626

::

[Unknown5]: yep

627

::

[Unknown4]: you know for for tracking purposes inventory purposes or whatever and particularly

628

::

[Unknown4]: for those devices where let's say if you're looking at some of the devices that

629

::

[Unknown4]: regulate pacemakers

630

::

[Unknown4]: uh

631

::

[Unknown5]: i was gonna say i know somebody has a pacemaker and that's what i immediately

633

::

[Unknown5]: thought to when you said that yep

635

::

[Unknown4]: right uh you're looking at pacemakers you're looking at insulin pumps

636

::

[Unknown4]: we're looking at anesthesia types of devices where that information is being

637

::

[Unknown4]: transmitted back to a clinician and they're able to remotely titrate the

638

::

[Unknown4]: titrate the dosage up or down or with a pacemaker you know regulate

639

::

[Unknown4]: the uh pulses uh to the point where it's going to be best you know for for their

640

::

[Unknown4]: patient there that's yeah a man in the middle attack uh scenario right there if they

641

::

[Unknown4]: didn't involve security

642

::

[Unknown4]: in taking in and bringing in that device and then putting it to into a patient to

643

::

[Unknown4]: your earlier question though health care has become a little bit more sensitive

644

::

[Unknown4]: when it comes to ransomware

645

::

[Unknown5]: two

646

::

[Unknown4]: to the point where you know some doctors have had to to uh

647

::

[Unknown4]: close their doors

648

::

[Unknown4]: because they didn't have enough money to be able to pay the ransom to get to their

649

::

[Unknown4]: medical records to their patients that's very sad when those situations happen and

650

::

[Unknown5]: did you

651

::

[Unknown4]: and those situations are very preventable but the health care cl

652

::

[Unknown5]: yeah

653

::

[Unknown4]: clinicians and well just practitioners in general need to understand that there's

654

::

[Unknown4]: this whole security

655

::

[Unknown4]: organization society people out here that you can go to and ask for help um to to

656

::

[Unknown4]: have access to the information that someone is asking for a ransom for this

657

::

[Unknown4]: particular time and you don't have to lose your livelihood and you don't have to

658

::

[Unknown4]: recreate all that information over um but just ask you know be willing to ask for

659

::

[Unknown4]: help so

660

::

[Unknown4]: ransomware has become a number one issue uh within health care because there are

661

::

[Unknown5]: well

662

::

[Unknown4]: so many ransomware attacks that have been happening in health care

663

::

[Unknown5]: no absolutely and i and i used to see and uh you know reading articles and stuff

664

::

[Unknown5]: for the places that were getting hit a lot of them were not keeping their

665

::

[Unknown5]: technology up to date

666

::

[Unknown4]: what

667

::

[Unknown5]: they were using systems or a well past end of life you know you're hearing

668

::

[Unknown5]: things of old versions of windows still in place you're like hold on a second

669

::

[Unknown5]: but i want to shift i've got a hipaa story and i

670

::

[Unknown4]: seven

671

::

[Unknown5]: wanted to see what your response would be to this because this happened to my mom

672

::

[Unknown4]: chicken

673

::

[Unknown5]: and i got a i got a call in a panic and i and and i think this ties into if

674

::

[Unknown5]: there's if there's fear of people reporting an incident

675

::

[Unknown4]: well one

676

::

[Unknown5]: but my mom was having some medical issues they had moved and she was going through

677

::

[Unknown5]: this very long arduous process of getting a copy of her records

678

::

[Unknown4]: blue

679

::

[Unknown5]: electron you know to transfer from where they were going to where she had to go

680

::

[Unknown5]: get seen

681

::

[Unknown4]: six

682

::

[Unknown5]: after waiting six months

683

::

[Unknown4]: forty

684

::

[Unknown5]: she she gets she logs into the portal they had sent it and there was somebody

685

::

[Unknown5]: else's entire medical record attached to hers

686

::

[Unknown5]: uh and and and so i get a call in a panic i'm like you need a you need to call the

687

::

[Unknown5]: hospital let you know let you know be upright that hey something something

688

::

[Unknown5]: happened because she got hers as well

689

::

[Unknown4]: well

690

::

[Unknown5]: and

691

::

[Unknown5]: come to find out that the other person's record was married to a doctor when they

692

::

[Unknown5]: got wind of it they weren't very happy about what had happened

693

::

[Unknown4]: what when

694

::

[Unknown5]: but the the hipaa officers between the two different hospitals started kind of

695

::

[Unknown5]: playing pointing fingers at each other and i'm like well that's not either our

696

::

[Unknown5]: problem you didn't verify what you sent and you didn't verify what you received

697

::

[Unknown4]: correct

698

::

[Unknown5]: i in my question with you know to them the reason i told my mom reported i said i

699

::

[Unknown5]: don't know if that's a one off or if that's systemic in their processes of what

700

::

[Unknown5]: they're doing it that's happening ten percent of the time fifteen percent of the

701

::

[Unknown5]: time if if that situation scenario happened to you or someone close to you

702

::

[Unknown5]: what how would you have responded to that

703

::

[Unknown4]: oh

704

::

[Unknown5]: i'm

705

::

[Unknown4]: you know

706

::

[Unknown5]: putting you on the spot

707

::

[Unknown4]: having too much knowledge sometimes can get you in trouble right

708

::

[Unknown5]: that's why i'm asking

709

::

[Unknown4]: right so in that scenario the person who was at fault was the sender

710

::

[Unknown5]: okay okay

711

::

[Unknown4]: all right uh not

712

::

[Unknown4]: verifying the information first

713

::

[Unknown5]: not there

714

::

[Unknown4]: before they sent it because the security security is end to end not point to point

715

::

[Unknown4]: okay so not uh verifying that that information was just your mother's information

716

::

[Unknown4]: that that was an issue there

717

::

[Unknown4]: somehow or another getting this other person's information attached to your

718

::

[Unknown4]: mother's information sending it out you know

719

::

[Unknown4]: that that's not something

720

::

[Unknown5]: that

721

::

[Unknown4]: that probably happens a lot but i could see where if you're not checking if you're

722

::

[Unknown4]: not checking you know

723

::

[Unknown5]: really

724

::

[Unknown4]: doing a hash

725

::

[Unknown4]: uh to make sure that just your mother's information went over and not your mother

726

::

[Unknown4]: and somebody else's information went over you know that's an integrity check that

727

::

[Unknown5]: right

728

::

[Unknown4]: obviously you know wasn't in place there

729

::

[Unknown4]: so um

730

::

[Unknown4]: um the i don't care about the cso and the cpo chief security officer chief privacy

731

::

[Unknown4]: officer whoever is trying to point

732

::

[Unknown4]: fingers the offender was the person who sent the information out so it was not the

733

::

[Unknown4]: receiver's responsibility to make sure that that was okay it was it was not now um

734

::

[Unknown4]: let let's say that the receiver

735

::

[Unknown4]: found it before your mother did

736

::

[Unknown4]: if the receiver found that before your mother did they have an obligation to

737

::

[Unknown4]: report it back and get it corrected before it gets to your mom

738

::

[Unknown5]: doger

739

::

[Unknown4]: but right so

740

::

[Unknown4]: um because something like that would happen so so rarely i could see why the

741

::

[Unknown4]: receiver didn't do a check

742

::

[Unknown4]: um to and it came in with your mother's name okay it could be this much it could

743

::

[Unknown4]: be this many you know in terms of bits and bytes and and that type of thing and

744

::

[Unknown4]: let's just send it on because it's it's not something you would you would expect

745

::

[Unknown4]: for the sender to have done the integrity checks on their end before it went out

746

::

[Unknown4]: but you know if there was so now so now what are they going to do is the receiver

747

::

[Unknown4]: always going to be in a position where they're going to have to check and see if

748

::

[Unknown4]: the information is correct or not it's not on them it's on the sender

749

::

[Unknown4]: it it starts there so um i don't know why it took six months

750

::

[Unknown4]: because

751

::

[Unknown5]: it she

752

::

[Unknown4]: i don't know

753

::

[Unknown5]: mill militaries involved military hospitals involved in that stuff so that's what

754

::

[Unknown5]: took so long

755

::

[Unknown4]: eight

756

::

[Unknown5]: but yeah no i she called me in a panic and she gets like i got this pdf and you

757

::

[Unknown5]: know it's all of my stuff you know in an email and then i get to the go to the end

758

::

[Unknown5]: and it's a another patient's entire record and

759

::

[Unknown4]: see

760

::

[Unknown5]: it was just i i had not heard of that and i didn't know if it was like the

761

::

[Unknown5]: the electronic medical record system messed up or somebody legitimately on the

762

::

[Unknown5]: that first in at the first hospital just

763

::

[Unknown5]: scan something into the wrong the wrong way but i

764

::

[Unknown4]: like

765

::

[Unknown5]: found that to be interesting

766

::

[Unknown4]: it could be system error and it could be a human error but an error was made uh

767

::

[Unknown5]: oh for sure

768

::

[Unknown4]: you know and i i'm glad that your mother brought that to your attention because

769

::

[Unknown5]: yeah

770

::

[Unknown4]: another person you know could have taken that and said hey look you know

771

::

[Unknown5]: hey

772

::

[Unknown4]: what i got i got my medical record and i got somebody else's you know

773

::

[Unknown5]: yep

774

::

[Unknown4]: just in minutes of fame um on tv um with with a reporter and you know news

775

::

[Unknown4]: people around

776

::

[Unknown5]: oh yeah

777

::

[Unknown4]: but i i'm i'm glad that your mother had enough um wherewithal to know that this

778

::

[Unknown4]: was wrong and and you know just take take it to you and you know kind

779

::

[Unknown5]: take it

780

::

[Unknown4]: of look or work it out internally because when we get off uh of here there's a

781

::

[Unknown4]: page that is sponsored by the department of public human services

782

::

[Unknown4]: every breach by every entity that has come to their attention that they make

783

::

[Unknown4]: public

784

::

[Unknown4]: um

785

::

[Unknown5]: okay

786

::

[Unknown4]: yeah i call it the hipaa wall of shame or most chemistry called the hipaa wall of

787

::

[Unknown4]: shame it had the entity name how many people were affected what was the cause

788

::

[Unknown4]: and uh who did it

789

::

[Unknown4]: and and

790

::

[Unknown4]: usually it's gonna be

791

::

[Unknown5]: and this is why people don't want to report

792

::

[Unknown4]: what people don't want to report you know if five hundred people or more were

793

::

[Unknown4]: affected by the breach it you can go out there

794

::

[Unknown5]: yeah

795

::

[Unknown4]: anytime you want to and look and see who who's doing what and this you know speaks

796

::

[Unknown4]: to the credibility and the reputation of the organization with regards to their

797

::

[Unknown5]: sure

798

::

[Unknown4]: security

799

::

[Unknown4]: processes or or lack thereof

800

::

[Unknown5]: yeah and that and that sometimes at least with a little bit of my personal

801

::

[Unknown5]: philosophy mistakes are going to happen particularly if there's a human element

802

::

[Unknown5]: involved the most rigorous process sure there being a technical control in place

803

::

[Unknown5]: to prevent you from doing something something most like you're tired you're not

804

::

[Unknown5]: paying attention you're doing nineteen things because you're doing the job of

805

::

[Unknown5]: three people an accident's going to happen

806

::

[Unknown5]: but transparency without repudiation sometimes i think you know

807

::

[Unknown4]: so

808

::

[Unknown5]: short of it being egregious you know like you said five hundred people you know

809

::

[Unknown5]: that needs to be out there

810

::

[Unknown4]: who miss me off here

811

::

[Unknown4]: you can

812

::

[Unknown5]: i want to do it

813

::

[Unknown4]: yeah s

814

::

[Unknown5]: go ahead

815

::

[Unknown4]: f i did these people too

816

::

[Unknown4]: i

817

::

[Unknown4]: thousand twenty two it's twenty

818

::

[Unknown5]: yeah

819

::

[Unknown4]: twenty two this law has been in place since two thousand no nineteen ninety six

820

::

[Unknown5]: ninety six

821

::

[Unknown4]: and the security regulation has been in place since two o four two o five

822

::

[Unknown4]: and we're still having these issues in twenty twenty

823

::

[Unknown5]: yeah

824

::

[Unknown4]: two

825

::

[Unknown4]: do you see what i'm saying so it's it's not

826

::

[Unknown5]: oh absolutely

827

::

[Unknown4]: oh we're getting around to it all we're all you know you going to work on that

828

::

[Unknown5]: you know how it is you did it by now you're not doing it

829

::

[Unknown4]: where have you go said

830

::

[Unknown4]: what have you done

831

::

[Unknown5]: but i i'd be remiss with it said not ask you know i do not know what this has

832

::

[Unknown5]: evolved about covid and privacy stuff and you had worked in i know you said

833

::

[Unknown5]: baltimore and public schools with some auditing can you explain a little bit of

834

::

[Unknown5]: what specifically you were doing that was covid related in the in the school

835

::

[Unknown5]: systems

836

::

[Unknown4]: this is interesting um so i'm able to use my audit and assessment

837

::

[Unknown4]: experience

838

::

[Unknown4]: in another way and and push up

839

::

[Unknown4]: my auditing and assessment experience and use it for covid in

840

::

[Unknown4]: a situation here

841

::

[Unknown4]: with this um seventy two hospital excuse me seventy two schools where they were

842

::

[Unknown4]: trying to get these children back to school

843

::

[Unknown4]: as opposed to having them you know take their lessons and do everything on a

844

::

[Unknown4]: virtual basis so this was part of the covid initiative getting back to school face

845

::

[Unknown4]: to face so you need to look we what i did was normally you know in security we're

846

::

[Unknown4]: looking at standards like nist or iso or whatever here there's a group of

847

::

[Unknown4]: standards that have been put in place by the school system

848

::

[Unknown4]: and uh coming from the cdc coming from osha and some of the things that have been

849

::

[Unknown4]: published by fda about what people needed to have in place in order for children

850

::

[Unknown4]: and the teachers and other staff members of the school to be safe when they came

851

::

[Unknown4]: back to school so we looked at a hand sanitizer the percent of alcohol in the sand

852

::

[Unknown4]: sanitizer if they were wearing masks if they had signs up that said stand six feet

853

::

[Unknown4]: apart if they were on the floor and they were actually six feet apart if they were

854

::

[Unknown4]: on the walls and they were actually six feet apart looking at signs near the

855

::

[Unknown4]: escalate near the elevators that said no more than so many people could be in the

856

::

[Unknown4]: escalator at at any given time and then looking in the elevators excuse me

857

::

[Unknown4]: elevators and seeing that there were signs in there that said six feet apart

858

::

[Unknown4]: making sure that there were partitions in the various places where they were going

859

::

[Unknown4]: to have people come through looking at people and how they were keeping their

860

::

[Unknown4]: records associated with temperature

861

::

[Unknown4]: taking as the children

862

::

[Unknown5]: oh

863

::

[Unknown4]: came in the school and as the staff came in school and if they exceeded their

864

::

[Unknown4]: threshold which i think was ninety nine uh degrees fahrenheit at the time uh

865

::

[Unknown4]: because i they had dropped it from like a hundred or or at that time if anybody

866

::

[Unknown5]: got you

867

::

[Unknown4]: is it that way how are they going to take that child and isolate them in a room

868

::

[Unknown4]: until their parents could come and get them or arrangements could be made for them

869

::

[Unknown4]: the child to be taken um and and to go home for them to go and get covid tests to

870

::

[Unknown4]: get a doctor's release before they could come back to school same thing with all

871

::

[Unknown4]: of the uh staff that was in the hospital so there was this list of things that

872

::

[Unknown4]: they expected for these seventy two schools to do and myself and four other

873

::

[Unknown4]: auditors uh did the audits for those schools and came back with a report to say

874

::

[Unknown4]: how many were in compliance how many were uh and not in compliance and what the

875

::

[Unknown4]: remediation pieces that needed to be done per school and then

876

::

[Unknown5]: sure

877

::

[Unknown4]: over yeah so that's uh what we were doing with with that particular project with a

878

::

[Unknown4]: baltimore city health department i was asked to come up

879

::

[Unknown4]: because of my certification with the department of homeland security

880

::

[Unknown4]: to help them their recovery planning because the pandemic is considered a national

881

::

[Unknown4]: disaster um

882

::

[Unknown4]: disaster and it falls under

883

::

[Unknown4]: the definitions of homeland security se with their disaster fema protocols so i

884

::

[Unknown4]: was working with them on their recovery plans for a while until it became very

885

::

[Unknown4]: apparent that

886

::

[Unknown4]: recovery planning was a little bit too early

887

::

[Unknown4]: to initiate because delta and omicron came along

888

::

[Unknown4]: and

889

::

[Unknown5]: of course

890

::

[Unknown4]: start up yeah

891

::

[Unknown4]: so um the other people on the team were able to stay uh i was asked to stand down

892

::

[Unknown4]: until they come up with a time where they're going to be doing recovery maybe i'll

893

::

[Unknown4]: go back to that but it was very interesting looking at it from the perspective of

894

::

[Unknown4]: a city department and then

895

::

[Unknown4]: the overall department of the state of maryland how they were working together

896

::

[Unknown4]: with baltimore city and how the state was working with their initiatives and then

897

::

[Unknown4]: looking at the counties because people don't realize the cities are responsible for

898

::

[Unknown4]: their own plans the counties are responsible for their plans if the state is

899

::

[Unknown4]: responsible for their plan i mean down from the feds all right so you want to

900

::

[Unknown4]: harmonize all of these plans together uh for for any type of incident for any type

901

::

[Unknown4]: of disaster but they can be written in silos

902

::

[Unknown4]: and so

903

::

[Unknown5]: that happened to virginia

904

::

[Unknown4]: right right and so when you're coming up with these emergency plans it would be

905

::

[Unknown4]: nice if you could have everybody together

906

::

[Unknown4]: and

907

::

[Unknown5]: need some more tabletop exercises it sounds like that happens around this

908

::

[Unknown4]: more people stop talking starbucks whatever it takes to get people together

909

::

[Unknown4]: so i mean because that's one of the things that's coming out of this whole

910

::

[Unknown4]: pandemic is people did uh pandemic planning back in uh two thousand nine two

911

::

[Unknown4]: thousand ten for them but then they left it alone so then they hadn't looked at their

912

::

[Unknown4]: pandemic plan

913

::

[Unknown5]: go ahead

914

::

[Unknown4]: for years so then this one comes along and this one is uh a worldwide pandemic um

915

::

[Unknown4]: so

916

::

[Unknown5]: right

917

::

[Unknown4]: there's a lot of more moving parts that went along with this pandemic than it did

918

::

[Unknown4]: with the one for two thousand nine two thousand ten so um many of the

919

::

[Unknown4]: things that we have to look at for covid in terms of preparation and going forward

920

::

[Unknown4]: because some people

921

::

[Unknown4]: are g covid is not over

922

::

[Unknown4]: people feel like it's over and everybody's kind of covid weary even the planners

923

::

[Unknown4]: are covid weary but we was we're not at the point

924

::

[Unknown5]: what

925

::

[Unknown4]: you you know we can just throw everything away and say we declared that the

926

::

[Unknown4]: pandemic

927

::

[Unknown4]: when the

928

::

[Unknown5]: i de this sounds like my michael scott remember from the office i declared

929

::

[Unknown5]: bankruptcy

930

::

[Unknown4]: a right exactly exactly see you got these human beings went around saying we're

931

::

[Unknown4]: tired we're declaring that this pandemic is over it's not anywhe to see anymore

932

::

[Unknown4]: and the virus is going to say

933

::

[Unknown4]: well you know you know let's let let's see about that you know

934

::

[Unknown4]: so which have necessarily we can maybe scale down the emergency response um but we

935

::

[Unknown4]: still need to be on our p's and q's when it comes to

936

::

[Unknown4]: um maybe learning to live with it like we have done with uh influenza uh so

937

::

[Unknown5]: at be great

938

::

[Unknown4]: that you right becomes more of an endemic type of process as opposed to this big

939

::

[Unknown4]: emergency there's been big pandemic type of issue

940

::

[Unknown4]: so

941

::

[Unknown5]: right

942

::

[Unknown4]: story is still out on that we hasn't been closed yet

943

::

[Unknown5]: well awesome well i greatly appreciate your time i clearly know who if i have

944

::

[Unknown5]: hipaa questions who i'm going to first and who anybody listening to this needs to

945

::

[Unknown5]: go to a first unquestionably if anybody wants to you know reach out inquire how to

946

::

[Unknown5]: work with you follow you what's the best way for them to do that

947

::

[Unknown4]: um they can reach me at uh info at ingram in associates dot com and that's

948

::

[Unknown4]: ingram my last name is that a little n

949

::

[Unknown4]: for a and d so it's a little in associates dot com

950

::

[Unknown4]: they can look at my website at www dot

951

::

[Unknown4]: ingram and associates com or you can find me on linkedin by my first and last name

952

::

[Unknown4]: sybil ingram

953

::

[Unknown5]: and i will make sure to have those links in the show notes for sure

954

::

[Unknown4]: yes

955

::

[Unknown5]: and again i really appreciate time this has been fun it's been an enlightening and

956

::

[Unknown5]: uh i agree again i can't thank you enough for spending the last hour with me

957

::

[Unknown4]: well you know regulations doesn't have to be boring and

958

::

[Unknown5]: no

959

::

[Unknown4]: a lot of people think

960

::

[Unknown5]: maybe

961

::

[Unknown4]: this out of right yeah what the pif was presenting

962

::

[Unknown4]: you're bored it's gonna be bored you know i

963

::

[Unknown5]: yeah

964

::

[Unknown4]: don't consider myself s bored and i mean it's it's a lot of this is just kind of a

965

::

[Unknown4]: common sense of type of stuff but you learn over the years the more technical

966

::

[Unknown4]: aspects of it and how to present it i know the lawyer started talking about hipaa

967

::

[Unknown4]: being healthy income paying prepared uh attorneys and so that's what hipaa stood

968

::

[Unknown4]: for them uh

969

::

[Unknown5]: first

970

::

[Unknown4]: and um or paying aware attorneys and so they they would make with jokes about it

971

::

[Unknown4]: but i can talk about this anytime and act to talk

972

::

[Unknown5]: awesome

973

::

[Unknown4]: about up thank too jo

974

::

[Unknown5]: yeah what figure that out for another episode that

975

::

[Unknown4]: yes

976

::

[Unknown4]: one well thank

977

::

[Unknown5]: thanks again

978

::

[Unknown4]: you for me i really appreciate it and

979

::

[Unknown5]: yeah

980

::

[Unknown4]: again i i'm not blushing as much right now but i'm still very flattered and very

981

::

[Unknown4]: honored this is a privilege for me to do this for you and willing to do it anytime

982

::

[Unknown5]: i appreciate it

983

::

[Unknown4]: okay

About the Podcast

The Business Samurai
Skills and Stories to be a Well-Rounded Leader in Business & Technology

About your host

John Barker

20+ years of technology, cybersecurity, and project management experience. Improving business operations to create a culture of better cybersecurity and technology practices. John is the Founder of Barker Management Consulting and the creator of the Business Samurai Program.

MBA, PMP, CISSP