This week, host James Kernan speaks with David Sims, founder of Security First IT, about navigating HIPAA through the lens of MSP business ownership.
About David Sims
David is an experienced IT and cybersecurity professional, in the industry since 1998, who specializes in healthcare security and compliance. With over two decades of hands-on experience, he founded Security First IT to provide advanced solutions tailored to healthcare providers and small to medium-sized practices, ensuring they stay secure in an ever-changing threat landscape. David also founded and runs the podcast "Help Me with HIPAA", a show dedicated to how MSPs navigate healthcare and help their clients.
https://securityfirstit.com/
https://helpmewithhipaa.com/
---
[00:00:00] Welcome to the SMB Community Podcast with hosts Amy Babinchak, James Kernan and Karl Palachuk. Produced by Kernan Consulting and for the international MSP community, we are dedicated to making every IT professional a successful IT professional.
[00:00:24] Hey everybody, welcome back to the SMB Community Podcast. This is James Kernan with Kernan Consulting and I am here with a very special guest today, Mr. David Sims.
[00:00:33] David Sims from Security First IT. Hey David, welcome.
[00:00:37] Hey James, how are you?
[00:00:38] Doing good, doing good. Hey, I was excited. So you've been part of our Mastermind community for a short period of time. And actually we were just talking about, we just got back from an event in Denver.
[00:00:51] That was your first time coming to the event. But that's not what we're going to talk about today. Really, I invited David on the program today.
[00:00:59] We're going to learn a little bit more about him and his background, but he has a long-standing healthcare podcast, a HIPAA podcast that he's the host of. And I wanted to let everybody know what he's doing on that podcast.
[00:01:15] I think that was really cool, really unique and very special. So anyway, thanks for being on the program, Dave. So before we kind of talk about your podcast, tell us a little bit more about your background.
[00:01:29] How long have you been in the industry and tell us a little bit more about your background and your business?
[00:01:34] Sure. So I've been in the industry since 98 and it's been an ever-changing roller coaster ride.
[00:01:43] So in 98, I actually quit my job and started a storefront and we just built computers and did repair and you know, the normal stuff.
[00:01:54] It's funny because I would literally walk around and go to service calls with a very thick book on how to repair certain things because I was kind of learning on the job.
[00:02:07] And so that's morphed over the years from that to consulting, to back to doing IT work and then eventually into the MSP space as that became a thing.
[00:02:21] And so that's what we're currently doing now. MSP or MSSP, you know, there's a big range there when you start throwing those two different acronyms in.
[00:02:31] And so, you know, but we're in that space and we focus primarily in the healthcare vertical.
[00:02:37] Awesome. Awesome. Okay. And then, so let's, let's kind of segue into the, the podcast itself. When, when did you start the podcast?
[00:02:47] Well, man, I am not sure of the year, but I think it was around 2015. I believe it was.
[00:02:58] Okay. Almost 10 years, right?
[00:03:01] Yeah. Yeah. Yeah. Um, I believe that's what it is. I don't have it in front of me. We, we are 478, I think episodes in now.
[00:03:10] Wow.
[00:03:11] So yeah. Uh, one, one every week. So 52 weeks. So yeah, it's been a while.
[00:03:17] It's been a while.
[00:03:19] So it's the longest standing HIPAA podcast out there.
[00:03:23] It is.
[00:03:24] That's awesome. And tell us a little bit more about the format. Do you have guests on the show or do you talk about, what, what do you talk about on the show?
[00:03:31] So primarily we cover topics around privacy and security and it's a, it's focused on healthcare.
[00:03:38] However, there are a lot of things that, that kind of transcend healthcare.
[00:03:42] We also talk in reference to, uh, how MSPs have to, uh, navigate healthcare and what they can do for their clients.
[00:03:51] And so it's, it's really one of these podcasts where we're kind of bridging the gap between the MSPs or IT professionals and their clients.
[00:03:58] So there's something in there for their clients to learn or something in there for the MSPs to learn.
[00:04:03] And then we talk a lot about having that communication together so that your clients hopefully are coming to you and asking the questions to start conversations.
[00:04:11] If you're not coming to them first, or if you're the MSP listening, then you understand some conversations you may, may need to have with your clients.
[00:04:19] And so it kind of bridges that gap between the two.
[00:04:21] And that's, that's the, the unique part of it that I really enjoy.
[00:04:24] Yeah.
[00:04:25] Yeah.
[00:04:25] It's, it's educational.
[00:04:27] And, and that, that's what I, I appreciate as well.
[00:04:30] And the podcast itself is called Help Me with HIPAA, Help Me with HIPAA.
[00:04:36] And then you've got a domain out there, helpmewithhipaa.com.
[00:04:40] And, uh, you can learn more about that or subscribe and get more information on that.
[00:04:45] So tell us, um, what were some of your favorite episodes that you've had?
[00:04:50] And I know you've done a lot of them.
[00:04:51] So that's kind of, you'll have to dust off the cobwebs there.
[00:04:54] Yeah, that, that's tough, man.
[00:04:57] Cause there are some really good ones.
[00:04:58] We, we actually don't have a lot of, um, of interview guests that we do.
[00:05:04] It's typically me and my co-host, uh, who's, uh, Donna Grindle and Donna Grindle owns a consulting, uh, firm for compliance, uh, called Kardon.
[00:05:15] And so there's a story behind that, but we, we might get into that later.
[00:05:19] But anyway, so she and I, we talk often about, uh, the aspects of privacy and security and things that are happening.
[00:05:26] For example, uh, last, just last week, OCR, uh, if you don't know, OCR is, is what I call the HIPAA police.
[00:05:33] And so that's part of HHS that enforces, uh, HIPAA.
[00:05:37] And, uh, and so last week they had an announcement of a, of an investigation settlement, which is something that comes out fairly often.
[00:05:45] I mean, not every day, but certainly, you know, once a month or so they'll have these settlements that come out.
[00:05:51] And so we'll take those settlements and we talk about them.
[00:05:53] What did they, what was the investigation about?
[00:05:56] What was the incident that happened?
[00:05:57] And oftentimes it's ransomware or it's somebody who did something stupid.
[00:06:01] When we talk about that, this is what happened, or at least as much as we know, because not all the details are shared.
[00:06:07] Uh, this is what happened.
[00:06:08] This is the investigation results.
[00:06:10] These are things that they said that the company or the practice, uh, didn't do or needs to do better.
[00:06:16] And this is part of their corrective action plan.
[00:06:19] And we go through those things.
[00:06:20] And so it gives us the ability to look at that and say, these are some things that people are struggling with because they're not doing them.
[00:06:28] For example, they're not completing a proper security risk analysis that is, um, that is thorough and accurate.
[00:06:37] We often in our industry, we think that we're running a tool and we're doing a security risk analysis.
[00:06:42] And, and that is true.
[00:06:44] However, within healthcare, that piece means a whole lot more.
[00:06:48] So we're using the same term, but they're meaning something very different.
[00:06:52] And so we see that in, in every single investigation where, uh, where there is a settlement.
[00:07:01] We see that terminology where that security risk analysis is not done properly.
[00:07:05] And so those are the things we talk about and we go over those things.
[00:07:07] And so I, I enjoy going through those and learning that piece of it and then giving that information to clients as well as prospects, as well as MSPs and their clients and prospects.
[00:07:18] Yeah. Yeah. I think I, you know, the one thing I want to say about this is I love that you've been doing it for almost 10 years.
[00:07:26] I like the co-host idea because that, especially when someone can add value, you know, they're a consultant in the compliance space, you know, so what a great co-host.
[00:07:36] Sounds like you've got great chemistry because I've listened to the show before between you two that I think it's great.
[00:07:42] But what I love about it is your other business, Security First IT, you guys focus on healthcare.
[00:07:50] I've always told our audience that one of the most effective marketing campaigns you can do is public speaking, you know, be a public speaker.
[00:08:00] And you want to get yourself out there and creatively you're doing that as an expert on the HIPAA podcast, but you know, you're sharing knowledge and so forth.
[00:08:12] So I'm sure that's attracted customers for you on, on the, in your other business as well.
[00:08:19] So I think that's a great idea.
[00:08:21] Take advantage of that.
[00:08:23] I've always told customers of mine, any opportunity you have to speak in front of a group, take it.
[00:08:29] Hmm.
[00:08:30] Take it.
[00:08:31] And, uh, it's, it's great practice for public speaking, but it's, it's fantastic marketing for your business.
[00:08:37] Yeah.
[00:08:38] The podcast idea is interesting because oftentimes you see people that are looking for ways to make themselves more credible or to create that subject matter expert that you can point to.
[00:08:51] And so sometimes people will write a book or they're a coauthor of a book or something like that.
[00:08:55] And that's a, that's a heavy lift, but it, it has a lot of, uh, visibility to, and credibility when you walk into a client, you hand them the book.
[00:09:04] So a podcast is, in my opinion, is kind of a digital way to do that.
[00:09:09] Like you can create a podcast.
[00:09:10] People don't have to know how many listeners you have.
[00:09:13] You could have one listener.
[00:09:14] It doesn't matter.
[00:09:15] You know, call your mom, say, listen to my podcast.
[00:09:18] It doesn't, it doesn't matter.
[00:09:19] The fact is you were able to say, I have a podcast and I cover X topics and you can, and there's all types of formats.
[00:09:26] Like you can have a podcast.
[00:09:28] It's five minute episodes, hour long episodes.
[00:09:31] You could do it once a week, once a month.
[00:09:34] There are people that do them in, in seasons and episodes, almost like TV.
[00:09:38] You know, they'll come out with, you know, 10 or 15 episodes and then they won't do any for a couple of months and then they'll have season two.
[00:09:45] And so there's all these different ways to do that.
[00:09:47] But you're able to then point to that and say, we have a podcast and we talk about privacy and security.
[00:09:53] We don't, I don't often talk about compliance because people, their eyes roll back in the back of their head when you start talking about HIPAA compliance.
[00:09:59] And so I really don't bring that topic up, which is an interesting way to do it.
[00:10:04] Because if you do go to your clients and you're like HIPAA this, HIPAA that, HIPAA this, HIPAA that, HIPAA that, usually you're not going to get very far with that.
[00:10:12] Because you're, you're coming in and you're looking at things from a compliance standpoint rather than from a security standpoint or risk standpoint.
[00:10:22] I don't, I don't want my clients to focus on compliance.
[00:10:26] I want them to focus on risk and then we'll get compliant because we've, we've addressed the risks that are there.
[00:10:32] Yeah. Yep. No, that's good. So I've got to ask you this because first of all, you're a pro, you've been doing it for 10 years and you're an eloquent speaker, but I will say most people aren't.
[00:10:46] And were you ever nervous in the very beginning when you first started this? Did you ever get nervous?
[00:10:51] Oh, absolutely. Um, it's, uh, I mean, it's one of those things where if you go back and listen to your first ones, it's they're horrible and you wish you could just take them down and, you know, delete them from the internet.
[00:11:03] It's the same way, whether it's audio or video and I don't produce as many videos as I should. That's one of the things that's on my list of to do's probably been on my list for a while, but I want to do more of that.
[00:11:15] And you do, you hate your, you hate the sound of your voice. You hate the way you look. Nobody else cares about any of that, but you're your worst critic.
[00:11:24] And right. The toughest part of speaking, whether it's public speaking or podcasting is understanding how to deliver your message and not stumble over yourself.
[00:11:37] You know, the ums and the uhs and all that kind of stuff. And that just takes practice.
[00:11:41] And once you've done it a few hundred times, then it kind of goes away and you, you learn to stop and not say anything. Now I still will say, um, or ah, sometimes, but it's not constant.
[00:11:52] And you, you start realizing that there are some words that you, that are filler words and you use those and you constantly do that.
[00:12:00] So if you listen to yourself, you pick up on those things and you just practice and you just keep doing it and you'll just get better at it just by, you know, by default.
[00:12:07] Yeah. Yeah. No, I love that. And it's, I don't think I've ever met anybody that said that they weren't nervous when they first started speaking.
[00:12:17] And I, I now teach public speaking classes. And one of the things I'll always say is, Hey, take that nervous energy and convert that into positive energy because know that you care.
[00:12:29] You're nervous because you care about your message. You care about doing a great job. And, um, normally that helps, you know, and then, or just smiling, but I could tell countless funny stories.
[00:12:42] I, um, I was terrified speaking in, in public. And I remember my company was growing really quickly and we went from, you know, three employees to a hundred plus employees in a short period of time.
[00:12:57] And we had a big marketing event. You'll, you'll appreciate this Dave and kind of chuckle, but, uh, early stages of Networks
[00:13:06] Plus, we had a big customer appreciation event. And I remember it was right when The Matrix movie came out. So kind of a cool high tech movie.
[00:13:12] We, well, we rented out the whole movie theater and had a red carpet night, the opening night. And we had over, it was almost 350 guests.
[00:13:23] And we let people bring their family members in. So bunch of customers, bunch of prospects. I had some strategic partners there and I was supposed to get up for 10 minutes right before the show, introduce myself, introduce the company.
[00:13:37] Thank everybody for being there. Tell them a little bit more about Networks Plus, and then we were going to play the movie. I was in the parking lot right before all of this. And I was so nervous. I was like, Oh my gosh, I don't know if I can do this.
[00:13:50] So I said a little prayer and then, uh, I may or may not have had a little flask with me, a couple nips of whiskey to kind of cool my jets. And, uh, it, it all turned out great, you know?
[00:14:03] And, and the one thing I'll say it's, you know, practice makes perfect. And I'm sure you've, uh, learned that the hard way too, but, um, you know, public speaking takes a little, little bit of time to get used to it, but practice makes perfect. So keep doing it.
[00:14:16] Yeah. Yeah. I mean, I've been fortunate that even, even as a kid, I was put in situations where I was out in front of a lot of people. And so I've done things from, I was a drum major in the band in high school. So you had to stand in front of everybody in the entire stadium, you know, and direct the band and things like that. And there's, there's a lot of other things where I've done, where I've been put in the spotlight, whether I wanted to be or not.
[00:14:43] Right. And, and there, even today, there's still things I do community wise. Like I, I just came off of the rotation of being the president of my local Rotary Club. And, um, and there's other things that I do where I kind of force myself to get out there, talk to people, get in front of people present or, or sometimes just, uh, you know, improv, which is kind of the hardest thing.
[00:15:06] But I really enjoy that part of it where you don't really have a plan. It's just like, Hey, let's have a conversation. What questions do you have? What can I talk about that, uh, that you might find valuable? And so I'll do that. There's times when I've been asked to present while I come in with no presentation, like we're just going to have a fireside chat. And those tend to be really, really good.
[00:15:26] Yeah. Yeah. That's awesome. That's awesome. Well, thanks for being honest and vulnerable, but, uh, I was excited about getting you on the program because I love, I love what you're doing. And, um, so if people want to get in touch with you, David, or, or learn more about the podcast, how, how can they connect with you?
[00:15:44] Sure. So the podcast, as you said, is at helpmewithhipaa.com. You can go there website. And of course you can find the podcast anywhere that you listen to podcasts. Uh, you can reach out to me, uh, directly if you want to David at securityfirstit.com. That's all spelled out. Uh, you can also give me David at helpmewithhipaa.com and, uh, you'll get it there too. So those are the best places to, to get me.
[00:16:09] Yeah. So if you need help with HIPAA and want to learn more about, uh, compliance in that space, it's a fantastic podcast. I encourage you guys to subscribe for that. But, uh, Dave, it's always great to see you. Thanks for being on the program. And, uh, uh, any final words of wisdom for the audience?
[00:16:27] Uh, just don't give up, you know, keep, keep getting it. I know for a lot of people right now is kind of a tough time. It's, uh, it's the best time when things are going tough. If you can do it when things are tough,
[00:16:38] it's even easier when things are. So just keep, keep on keeping on. Love it. Love it. All right. Thanks again. Uh, all right, everybody, this is it for now. We'll see y'all next time.