This is Carlos Leyva's Typepad Profile.
Carlos Leyva
I am a knowledge monger, but knowledge without love is a senseless pursuit, pursue what you love to do first.
Interests: music, literature, health care, the law, collaboration and collaborative platforms, writing, politics, basketball, and public education (not necessarily in that order on any given day).
Recent Activity
Title: Stuck on Stupid: How to Eliminate 95% of HIPAA Liability while being less than Thirty Percent (30%) Compliant. Description: This webinar focuses on providing the C-Suite and compliance officers a strategy for eliminating a significant portion of HIPAA liability... Continue reading
Posted Feb 27, 2019 at Web-Tones
Register here for the FREE HIPAA Survival Guide Newsletter Does your staff have sufficient HIPAA training? Determining the amount of adequate training is not an easy question because the answer is highly dependent on the individual and the organization. Individuals... Continue reading
Posted Aug 21, 2018 at Web-Tones
Join us this month for a free webinar about HIPAA training. Description: HIPAA Education: How much training is enough? This webinar will describe how much and what type of HIPAA education is well suited for staff and other workforce members... Continue reading
Posted Aug 6, 2018 at Web-Tones
Do you have compliance and regulatory questions that aren't answered easily? Don't have a reference for those unique situations that only apply to your organization? Well look no further. We have educated thousands of stakeholders on the HIPAA Rules ("Rules")... Continue reading
Posted Jun 13, 2018 at Web-Tones
Notice that the title does not say 10 "Easy" Steps! There is nothing easy about compliance in general and the GDPR specifically. Far from it. However, these ten (10) steps have been vetted in other compliance regimes (e.g. HIPAA) and... Continue reading
Posted Mar 28, 2018 at Web-Tones
Description This webinar discusses why HIPAA & other compliance stakeholders need a governing philosophy that underpins their Information Governance initiatives...the challenge is much broader than HIPAA, with myopic views leading to fragmented compliance silos and initiatives. Date and Time, including... Continue reading
Posted Mar 21, 2018 at Web-Tones
The purpose of this group is to discuss and share knowledge related to the EU's General Data Protection Regulation ("GDPR"). One way to think about the GDPR is "HIPAA for everyone," especially if you are in the EU OR, more... Continue reading
Posted Jan 2, 2018 at Web-Tones
Title: Developing a Breach Response Plan Description: This webinar discusses the key components necessary to build an effective Breach Response Plan and how said plan interacts with other components of your HIPAA Compliance Initiative ("HCI"). Date and Time, including Time... Continue reading
Posted Sep 14, 2017 at Web-Tones
This Post contains access to the new HIPAA Implementation Detailed Project Plan. The HIPAA Implementation Project Plan is organized by Chunks/Sprints to support rapid completion of your HIPAA Compliance Initiative ("HCI"). High-Level Tracks include: 1. Disseminate Model Policies (Track = "Foundational")... Continue reading
Posted Aug 20, 2017 at Web-Tones
At the HIPAA Survival Guide and the Digital Business Law Group we are starting to grapple with the much broader question of when state laws require breach notification. As the NCSL states in their overview on this topic: Forty-eight states,... Continue reading
Posted Aug 13, 2017 at Web-Tones
The notion of "Criticality Analysis" is NOT foreign to the HIPAA Security Rule ("SR"). The SR addresses (in part) this requirement as part of the implementation specifications for the Contingency Standard in the Administrative Safeguards: 164-308(a)(7)(ii)(E); which states "Assess the... Continue reading
Posted Aug 11, 2017 at Web-Tones
As promised here are the 2017 & 2016 HHS CMP numbers: Download HHS CMPs. These two years account for over $28M of "revenue" for HHS. Remember that the HITECH Act gave HHS a virtual $$ machine by allowing it to... Continue reading
Posted Jul 26, 2017 at Web-Tones
Healthcare's cybersecurity status quo has been destroyed by a confluence of factors. We are now 17 years into the 21st century and the healthcare industry writ large has somehow managed to hold on to a minimalist cybersecurity posture that is... Continue reading
Posted Jul 6, 2017 at Web-Tones
There has never been any meaningful distinction between CyberSecurity and HIPAA Security from a technical perspective; however from a legal perspective each regulatory regime must be treated as a unique and distinctive set of regulations. The WannaCry attack made the... Continue reading
Posted Jun 20, 2017 at Web-Tones
That question is so broad that it can only be answered succinctly in the abstract. However for our purpose such a definition should work just fine. One such definition follows: "Cybersecurity is the body of technologies, processes and practices designed... Continue reading
Posted Jun 14, 2017 at Web-Tones
The answer to this question contains two related but ultimately separate and distinct parts: (1) a set of security controls not all that dissimilar from the CIS top 20; and (2) a coherent regulatory regime that is a set of... Continue reading
Posted Jun 12, 2017 at Web-Tones
This article answers that question in the affirmative. Larger and larger data breaches are now an undeniable trend, which the available data clearly supports. The $$ quote from this article is: Before 2009, the majority of data breaches were the... Continue reading
Posted Jun 11, 2017 at Web-Tones
You can see the full text of the most recent guidance here. The takeaway from HHS' guidance post WannaCry can be summarized as (1) Contingency Plans (see below); and (2) Network Scans. My entity just experienced a cyber-attack! What do... Continue reading
Posted Jun 9, 2017 at Web-Tones
Your network is the heartbeat of your organization; without it no emails get sent, no applications are accessed, no third-party resources of any kind are available—in short, to a large extent, no meaningful work of any kind gets done that... Continue reading
Posted Jun 8, 2017 at Web-Tones
Description: This webinar will summarize the lessons learned by the healthcare industry from WannaCry & perform a postmortem on WannaCry's impact. Date and Time, including Time Zone June 15, 2017 2:00 EST Register Here for the June Webinar Looking for... Continue reading
Posted May 31, 2017 at Web-Tones
Chris Saah, CEO of TecFac (Technology Facilitators), joined Carlos Leyva and the team for a discussion of the recent ransomware attack and how to prevent ransomware from penetrating your organization in addition to discussing HHS' methodology implications. Download the... Continue reading
Posted May 24, 2017 at Web-Tones
Don't believe that the bad guys are targeting healthcare? Read the following recent HHS announcement: May 12, 2017 Dear HPH Sector Colleagues, HHS is aware of a significant cyber security issue in the UK and other international locations affecting... Continue reading
Posted May 12, 2017 at Web-Tones
HHS has once again provided guidance on the importance of having a methodology to develop, implement, and maintain a comprehensive compliance program ("Program"). The objective of your HIPAA compliance initiative ("HCI") should be to build your Program over time, especially... Continue reading
Posted May 3, 2017 at Web-Tones
Description: This webinar revisits the foundation of the HIPAA Privacy Rule in light of the fact that, due mostly to Breach Notification, the Security Rule has taken most of the oxygen out of the room. Thursday, April 20, 2:00 PM... Continue reading
Posted Apr 18, 2017 at Web-Tones