This is Carlos Leyva's Typepad Profile.
Carlos Leyva
I am a knowledge monger, but knowledge without love is a senseless pursuit, pursue what you love to do first.
Interests: music, literature, health care, the law, collaboration and collaborative platforms, writing, politics, basketball, and public education (not necessarily in that order on any given day).
Recent Activity
As promised here are the 2017 & 2016 HHS CMP numbers: Download HHS CMPs. These two years account for over $28M of "revenue" for HHS. Remember that the HITECH Act gave HHS a virtual $$ machine by allowing it to... Continue reading
Posted yesterday at Web-Tones
Healthcare's cybersecurity status quo has been destroyed by a confluence of factors. We are now 17 years into the 21st century and the healthcare industry writ large has somehow managed to hold on to a minimalist cybersecurity posture that is... Continue reading
Posted Jul 6, 2017 at Web-Tones
There has never been any meaningful distinction between CyberSecurity and HIPAA Security from a technical perspective; however, from a legal perspective each regulatory regime must be treated as a unique and distinctive set of regulations. The WannaCry attack made the... Continue reading
Posted Jun 20, 2017 at Web-Tones
That question is so broad that it can only be answered succinctly in the abstract. However, for our purpose such a definition should work just fine. One such definition follows: "Cybersecurity is the body of technologies, processes and practices designed... Continue reading
Posted Jun 14, 2017 at Web-Tones
The answer to this question contains two related but ultimately separate and distinct parts: (1) a set of security controls not all that dissimilar from the CIS top 20; and (2) a coherent regulatory regime that is a set of... Continue reading
Posted Jun 12, 2017 at Web-Tones
This article answers that question in the affirmative. Larger and larger data breaches are now an undeniable trend, which the available data clearly supports. The $$ quote from this article is: Before 2009, the majority of data breaches were the... Continue reading
Posted Jun 11, 2017 at Web-Tones
You can see the full text of the most recent guidance here. The takeaway from HHS' guidance post WannaCry can be summarized as (1) Contingency Plans (see below); and (2) Network Scans. My entity just experienced a cyber-attack! What do... Continue reading
Posted Jun 9, 2017 at Web-Tones
Your network is the heartbeat of your organization; without it no emails get sent, no applications are accessed, no third-party resources of any kind are available—in short, to a large extent, no meaningful work of any kind gets done that... Continue reading
Posted Jun 8, 2017 at Web-Tones
Description: This webinar will summarize the lessons learned by the healthcare industry from WannaCry & perform a postmortem on WannaCry's impact. Date and Time: June 15, 2017, 2:00 EST. Register Here for the June Webinar. Looking for... Continue reading
Posted May 31, 2017 at Web-Tones
Chris Saah, CEO of TecFac (Technology Facilitators), joined Carlos Leyva and the team for a discussion of the recent ransomware attack and how to prevent ransomware from penetrating your organization, in addition to discussing HHS' methodology implications. Download the... Continue reading
Posted May 24, 2017 at Web-Tones
Don't believe that the bad guys are targeting healthcare? Read the following recent HHS announcement: May 12, 2017 Dear HPH Sector Colleagues, HHS is aware of a significant cyber security issue in the UK and other international locations affecting... Continue reading
Posted May 12, 2017 at Web-Tones
HHS has once again provided guidance on the importance of having a methodology to develop, implement, and maintain a comprehensive compliance program ("Program"). The objective of your HIPAA compliance initiative ("HCI") should be to build your Program over time, especially... Continue reading
Posted May 3, 2017 at Web-Tones
Description: This webinar revisits the foundation of the HIPAA Privacy Rule in light of the fact that, due mostly to Breach Notification, the Security Rule has taken most of the oxygen out of the room. Thursday, April 20, 2:00 PM... Continue reading
Posted Apr 18, 2017 at Web-Tones
OCR has recently identified 10 recurring areas of enforcement. This post illustrates how the HIPAA Survival Guide's ("HSG") methodology and comprehensive remediation products help protect you against these problem areas. HSG's remediation examples are not intended to be exhaustive, simply... Continue reading
Posted Apr 7, 2017 at Web-Tones
HHS has once again provided guidance with respect to the importance of having a methodology in order to develop, implement, and maintain a comprehensive compliance program (“Program”). It should be clear that the entire objective of your HIPAA compliance initiative... Continue reading
Posted Apr 5, 2017 at Web-Tones
On January 17, 2017, HCCA-OIG and HHS recently issued new guidance regarding how to effectively comply with HIPAA and other compliance regimes. This is the second in a series of three posts that responds to how the HIPAA Survival Guide's... Continue reading
Posted Apr 3, 2017 at Web-Tones
On January 17, 2017, HCCA-OIG and HHS recently issued new guidance regarding how to effectively comply with HIPAA and other compliance regimes. This is the first in a series of three posts that responds to how the HIPAA Survival Guide's... Continue reading
Posted Apr 2, 2017 at Web-Tones
The September 23, 2013 Omnibus Rule deadline came and went over three years ago, but no worries because many of you have filled in the blanks of your new set of templates and are good to go. Right? Wrong! First,... Continue reading
Posted Mar 31, 2017 at Web-Tones
What is Cyber Insurance? As it turns out, this is not a simple question to answer. It means different things to different organizations. One thing is clear, whatever is covered under cyber-liability insurance is almost certainly not covered under an... Continue reading
Posted Mar 25, 2017 at Web-Tones
NIST just recently released its proposed 2016 Cybersecurity Framework and it is telling in many useful ways, but NOT in the ways that you would imagine. We often write about methodology and process. Why? Because they are an integral part... Continue reading
Posted Mar 12, 2017 at Web-Tones
Description: This webinar explores how to prepare for a HIPAA audit by reviewing the documents containing visible, demonstrable, evidence of compliance that you should be prepared to show HHS (or a Court of Law). Thursday, March 16, 2017 2:00 PM... Continue reading
Posted Mar 10, 2017 at Web-Tones
Recently, the Digital Business Law Group P.A., Carlos Leyva, Esq., began providing legal assistance to customers of the HIPAA Survival Guide. Compliance with regulations is a non-trivial task and the ability to have legal guidance with regulations is valuable. Take a look at the following link for your Jumpstart legal... Continue reading
Posted Feb 22, 2017 at HIPAA Survival Guide Blog
Looking for a simplified way to train your staff on HIPAA Breach Notification? For a limited time, we are offering our Breach Notification Training Module F*R*E*E* when you sign up for our monthly newsletter (also free). Continue reading
Posted Feb 8, 2017 at Web-Tones
A slightly irreverent piece on some of the "goings on" in the HIPAA space. Looking for a simplified way to train your staff on HIPAA Breach Notification? For a limited time, we are offering our Breach Notification Training Module... Continue reading
Posted Feb 7, 2017 at Web-Tones