PRIVACY + SECURITY BLOG

News, Developments, and Insights

Phishing Cartoon: Signs of a Phishing Scam

Misspelled words and bad grammar are tell-tale signs of phishing.   Why don’t phishers learn spelling and grammar?  Can’t they afford a copy of Strunk and White?

Phishers don’t need to spell better because their poorly-written schemes still fool enough people.  It’s just math for the phishers — a numbers game.   If you handle IT security at your organization, don’t assume that people won’t fall for obvious phishing scams — they do.   That’s why it is essential to train people — again and again.

HIPAA Cartoon on Snooping

This cartoon is about snooping, one of the most common HIPAA violations.  HIPAA prohibits accessing information that people don’t need to do their jobs.   It can be easy to look at electronic medical records, and people who snoop in this way might not perceive it as wrong.  But the cartoon invites people to imagine how creepy the snooping would appear if it were occurring right in front of patients.  Computers remove the interpersonal dynamic, making it harder for people to fully appreciate the wrongfulness of their conduct.

Though the high-profile, celebrity snooping incidents garner all the media attention, smaller cases affecting everyday individuals make up the bulk of the cases and legal activity.  A large number of inappropriate access claims involve people checking on protected health information (PHI) about family and friends.  Snooping is not intended maliciously.  Often a concerned staff member will access the patient records of a family member or acquaintance out of worry or concern.  In one case, a nurse in New York was fired for disclosing a patient’s medical history to warn a family member who was romantically involved with the patient of the patient’s STD.

Cartoon on HIPAA Training

This cartoon depicts the way many people perceive HIPAA training.  But it doesn’t have to be this way. When most people hear “HIPAA training,” they prepare themselves to slog through a boring lecture filled with tedious legalese.   Many have been subjected to hours of training that is overly technical, not useful for their jobs, and not even close to being memorable.  I designed my HIPAA training to be different.  I believe that training should be fun and engaging.  It should have personality.  I avoid the wordy and needless filler material and focus on the key concrete things that people must know and do.

HIPAA Cartoon on Social Media Use

Here’s a cartoon on HIPAA and social media use to jump start your week.  You can’t think enough about HIPAA these days.  HIPAA audits are back, and OCR is having a vigorous enforcement year this year, something I plan to post about soon.

HIPAA Cartoon on HIPAA’s Jargon

HIPAA is famously impenetrable, with so many special terms and definitions.  I wrote this cartoon to capture the wonderful world of HIPAA jargon, which I hope fellow lovers of HIPAA can appreciate.

For those who want an introduction to HIPAA and how the Privacy Rule and the Security Rule work, I produced a series of courses on HIPAA for the American Health Information Management Association (AHIMA). Each course is approximately 1 hour long.  The courses are:

• HIPAA Privacy: The Pillars of a Privacy Program
• HIPAA Privacy: Rights and Responsibilities
• HIPAA Security: Safeguarding PHI

They are available through AHIMA, but you can preview them on my site here.

These AHIMA HIPAA courses are not for the entire workforce — the courses are for personnel who focus on HIPAA compliance and need to understand the basics of how HIPAA works.  My HIPAA training for the workforce is shorter as well as more basic and general.

I have another HIPAA cartoon here.
