1st Talk Compliance features guest Raymond Ribble, CEO and Founder at SPHER, Inc., on the topic of A Practical Approach to The Safe Harbor Law. Ray joins our host Catherine Short to discuss how HIPAA data breach penalties typically get measured in millions of dollars, even following an organization implementing NIST cybersecurity framework measures. However, with the new HIPAA Safe Harbor Law, signed in January 2021, HHS and OCR may consider some penalty mitigation. It is important to understand that the Safe Harbor Law, while offering substantial protection, does not provide a true safe harbor and only offers some protection. This episode will examine what the established security practices for healthcare are, and how to pivot your organization's security profile to mitigate breach penalties if an event occurs. Catherine Short 0:01 Welcome, and let's, 1st Talk Compliance. I’m Catherine Short, Marketing Manager for First Healthcare Compliance, a division of Panacea Healthcare Solutions. Thanks for tuning in. This show is brought to you by First Healthcare Compliance as part of our commitment to provide high quality complimentary educational resources. Please show your support by taking a moment to provide a review on Google, Facebook, or iTunes, and be sure to follow us on social media and subscribe to our YouTube channel. On today's episode, we are speaking with Raymond Ribble, CEO and Founder at SPHER Inc, on the topic of A Practical Approach to The Safe Harbor Law. HIPAA data breach penalties typically get measured in millions of dollars even following an organization implementing NIST cybersecurity framework measures. However, with the new HIPAA Safe Harbor Law signed in January 2021, HHS and OCR may consider some penalty mitigation, it is important to understand that the Safe Harbor Law while offering substantial protection does not provide a true Safe Harbor and only offers some protection. This episode will examine what the established security practices for healthcare are, and how to pivot your organization's security profile to mitigate breach penalties if an event occurs.   Catherine Short 1:39 So Ray, thank you so much for joining me on 1st Talk Compliance. It's a pleasure to have you on.   Raymond Ribble 1:42 Thank you for having me, I appreciate it.   Catherine Short 1:43 Again, I'm so happy you're here today. Today we're discussing about the Safe Harbor Law and we're going to be talking about a practical approach. For people who are new to this, can you give us a good background or a brief description about what we are going to be discussing as far as some compliance background? Or how we got here as far as I know that HIPAA has a Safe Harbor Law? And I know that that affects how people need to protect their health data and their data in general. Can you give us a little bit of background of what we should be protecting and what we should be careful of and what we should be discussing?   Raymond Ribble 2:27 Sure. For our listeners, I'll try to give you the cliff note version of what it is. What I wanted to do for everybody who's listening today is just give you a brief introduction to what is the Safe Harbor Law. I don't want you to become experts on the Safe Harbor Law, I don't want you to be able to click off the five things that it does. That's not the background. It's just that some well thought politicians in both the Senate and the House got together and said, Hey, look, we've provided all this money to help these medical institutions move from paper to digital. In doing so, we've exposed them to a brand new set of risks in terms of data breaches that can occur that didn't exist before. And now we're asking them to spend more money to implement policies and pr...