May 29, 2025

Episode #133. Toughman Contests, Cyber Threats & HIPAA Hacks, with David Sims, owner of Security First IT

The true challenge with HIPAA isn't the regulation itself, but shifting healthcare providers' perspectives from compliance to proactive cybersecurity and patient risk management.

In this episode, David Sims shares deep insights into HIPAA, emphasizing its flexibility, the importance of "recognized security practices" under PL 116-321, and the need for the regulation to evolve with modern challenges like AI and sophisticated marketing techniques. David also covers his current business priorities, including educating small practices and aligning with Health Sector Coordinating Council goals, his personal experiences with risk-taking—from toughman contests to chasing ostriches—and his views on leveraging AI while maintaining a human touch. Finally, he reflects on the lessons of entrepreneurship and his underlying motivation to serve and protect, now in the digital sphere.

Tune in and learn valuable perspectives on cybersecurity, HIPAA, and the entrepreneurial journey in healthcare IT!


For more information and ways to increase risk awareness and safety, visit us at www.censinet.com.

About David Sims:

  1. David Sims, CHMSP, is a seasoned cybersecurity and IT strategist dedicated to helping healthcare practices protect patient data, simplify compliance, and eliminate technology headaches. As Managing Partner at Security First IT, he specializes in delivering managed cybersecurity and IT solutions that enhance both patient safety and business performance. With over 25 years of experience and a deep understanding of HIPAA, PCI, and cyber risk management, J. David ensures healthcare providers can focus on care, not tech issues. He’s also the co-host of the “Help Me With HIPAA” podcast, breaking down complex privacy and security topics with clarity and humor. Through multiple ventures, including HIPAA for MSPs and NachoKids.com, he empowers professionals and families alike to thrive through smart systems and support.

Things You’ll Learn:

  • The primary challenge with HIPAA is not the regulation's complexity but rather the perception of it as ambiguous instead of flexible. Shifting a healthcare practice's view from mere compliance to a genuine understanding of cybersecurity's role in risk reduction is crucial.
  • Adopting "recognized security practices" as outlined by Public Law 116-321 offers a significant advantage, acting as a "carrot" rather than a "stick" during OCR incidents or audits. This approach also helps mature an organization's cybersecurity posture by aligning with established frameworks.
  • Entrepreneurship, particularly starting a business, is inherently risky and requires constant adaptation and learning. Beyond technical proficiency in a craft, developing strong business acumen in areas like leadership, finance, and sales is essential for success.
  • Artificial intelligence offers powerful tools for enhancing business efficiency, such as marketing and content creation, which can be leveraged daily. However, it's vital to maintain a human touch and authentic voice, especially in communications, to avoid an overly robotic or impersonal presence.
  • A core motivation for working in cybersecurity can stem from a fundamental desire to serve and protect others, similar to roles in law enforcement. This mission translates into the digital realm by safeguarding individuals and organizations from online threats and vulnerabilities.

Resources: