Your Podcast Hosts
Kathleen Mills, LPC-S,
Phillip Crum, JP
This Week's Guest Mentor
Managing Consultant for HALOCK Security Labs
HIPAA Compliance Procedures
HIPAA Compliance Procedures
Intro: Welcome to Your Practice Mentors, a weekly, on-demand radio show designed to mentor the next generation of mental health care providers, and help them jump start their careers. Listen to Kathleen Mills as she interviews leading experts and tackles the important topics. You’ll learn how to be proactive at protecting what you’ve worked for. She’ll equip you with right tools and framework to grow your business, and teach you how to defend yourself in today’s mental health care environment. Now, let’s join Kathleen.
Phillip Crum: Well, it’s been awhile.
Kathleen Mills: It’s been awhile.
PC: It’s been awhile. You’ve taken another one of your– what do you call your vacations? Sabbaticals? Where you disappear and come back like eight weeks later, and then it takes a month to get over it?
KM: Well, a girl’s got to run her business, right? C’mon.
PC: Welcome back, Kathleen.
KM: Hello, Phillip.
PC: I’m still Phillip Crum, Content Marketing Coach. You–
KM: I am… I know who I am.
PC: –are Kathleen Mills.
KM: Yes, I am.
PC: That’s right. Of Practice Mentors fame, see? I’ve got you set up right here.
KM: It looks so nice.
PC: We’re looking good.
PC: A lot has happened since last we spoke. Lots of things.
KM: Are you going to catch me up and tell me what I’ve missed?
PC: I’ve got grandchild number six in the oven and on the way.
KM: Well– better than you and me.
PC: You believe that? Four girls.
KM: No. I just hit two boys–
PC: Two boys and then a run of four girls.
KM: They’re single. All good.
PC: You just wait.
KM: Mother bear’s good.
PC: You just wait.
KM: I’m not going to hold my breath.
PC: Lots of little grand cubs coming along. And actually, since we last talked, you– I know you’ve been working on your HIPAA stuff because I get to hear about it a lot. HIPAA this and HIPAA that. HIPAA dippa do.
KM: What have you heard?
PC: I’ve heard it’s a lot of work!
KM: It is a lot of work, but you know.
PC: And it’s a few bucks and it’s a lot of work, but you’ve got to do it. Everybody has to do it.
KM: Everybody has to.
PC: We even interviewed that guy – what’s that guy? That boater guy up in Utah? That Ferran guy?
PC: Tod. Tod Ferran.
PC: HIPAA-dude-Ferran. That’s right.
KM: Yeah, a podcast [inaudible]
PC: And you managed to wrangle him down here. He’s here!
KM: Isn’t that awesome?
PC: He’s here! The Tod Ferran is in the house.
KM: Tod Ferran, how are you?
Tod Ferran: I’m great. How you doing?
KM: I’m great.
TF: I am in the house.
KM: Yeah, he’s more tired. I’m just punchy because I’ve had to listen to this HIPAA thing twice!
PC: He gets a little punchy after a long day. Most of the audience thinks she’s sitting on a feather but no; she just gets giggly like this.
KM: (Laughs) Everybody gets real quiet. I just get all revved up because I just love talking about things that people don’t like talking about.
PC: You met Tod on the– you were like, called 1-800-I’m-IT-Illiterate and he answered the phone and here we are.
KM: I’ll tell you how I met him.
KM: I was doing my PCI compliance with MasterCard/VISA terminal that I have at the office.
PC: You mean, like you couldn’t figure out how to get one of the cards to run? Is that what you’re–?
KM: No. It’s a yearly, annual security compliance checklist. You have to answer these complicated questions that I have no idea what they’re talking about. Have somebody on the other end of the phone explaining me the questions so I can answer appropriately–
PC: Aren’t those multiple choice, though?
KM: –so I don’t get in trouble. No, it’s not– it’s yes or no.
PC: No check boxes?
KM: It’s just yes or no. The check boxes, the guy on the other– So we started talking and I was a health care, I’m a health care provider and so it just the conversation just kind of rolled into, “Oh, so you need to, you need to get some security compliance with your HIPAA stuff.” And I went, “What do you mean? I thought we’re just talking about the MasterCard/VISA terminal.” So one thing rolled into the next and so then was dealing with Security Metrics and talked to, talking with my consultant there, just kind of rolled in–
PC: So basically after 15 minutes, the troubleshooting guy passed you up the chain–
KM: –I asked a lot of questions and I said, “So who’s this Tod Ferran guy?” And so yeah, he passed me up because I was a damsel in distress on the other end of the phone and– no, actually I had a lot of questions and so it just got me to thinking, I think a podcast would be in order for this because if I don’t know this stuff, then probably there are some other people who would probably like to know, too.
PC: Well, most people don’t know that his business card actually says HIPAA dude, so why don’t you give them a quick intro and then we’ll go from there?
KM: Tod Ferran, you are a security analyst with Security Metrics in the great state of Utah, and you travel all over so tell us about your travels and what you do for Security Metrics
TF: Okay. Great. You’re right; I do travel all over. I do both PCI and HIPAA. It’s interesting because they’re two completely different worlds – healthcare and retail, although there is some overlap. Most health care takes some sort of credit cards. But doing both, I get to travel the globe on the PCI stuff, and throughout the U.S. on HIPAA. And it’s fun. I really enjoy the HIPAA because– it’s interesting. HIPAA entities, they have a different stance and take on things than your average PCI retailer. A lot of the PCI retailers, they’re looking for, you know, just rubber-stamp me. Just get me, let me be compliant, okay? Whereas healthcare professionals, they want to do the right thing. They really, they honestly want to take care of their patient information. They’re overwhelmed and especially after they talk to me, they start pulling their hair out. I think some of them are bald now.
KM: You mean like the workshop you just got done with, sir?
TF: Oh my goodness, yes, goodness. Yeah, they– you know, it’s hard because they’re not security people and they understand that and to hear from a security guy and to really start to delve into the nuts and bolts of HIPAA, it’s overwhelming. There is a lot there, especially if you haven’t been exposed to those kinds of things really in the past. And most healthcare hasn’t. But they want to, like I said, they want to do the right thing. They want to take care of that patient information, so it’s a lot of fun to help them figure out, for their particular environment, what’s going to work best. Because there’s different ways to skin the cat, not to use metaphors, but I love to use metaphors and I try to mix them up sometimes. Sometimes I’ll skin the horse.
PC: We do a lot of animal metaphors around here.
KM: Or that elephant thing you were talking about today.
TF: Yeah. You know, to–
KM: One bite at a time.
TF: –elephant you got to take a bite at a time. And, you know, as I understand it, that person and I have not actually eaten an entire elephant, but I believe that there is filet mignon in the elephant so–
KM: And a rack of ribs.
TF: And a rack of ribs. So, you know, sometimes you got to take a bite of the tusk, okay? Which is a little hard to get down. But then you have a bit of the filet mignon and it’s not quite so bad, you know. So mix it up a little bit.
PC: Folks, Fred and Wilma have just joined us.
KM: You know, people who are listening to this podcast are probably wondering why there is such animation as I think we’ve both– you’ve just got done doing two workshops in a row for wonderful mental health professionals here in Dallas.
KM: And the one thing I really loved about both of those groups is they do have the spirit and the integrity. They want to secure their information. They want to be obedient to that. They’re– part of their whole clinical skills relies around confidentiality. And so they really want to do the right thing.
PC: And they actually weren’t upset today when you told them that it was not allowed to throw things?
PC: Throwing things is not good.
TF: Well you know what? At one point I did encourage them to throw things and nothing came up.
PC: Nothing? Nothing happened.
KM: I think they were too afraid. No, I do think that clinicians, and I will include myself in it, honestly, is we’re not good business people. We have the heart to serve and care for people, similar to medical doctors. They don’t want to run the business. They want somebody else to worry about that while they really treat their patients in the skill set that they just really love.
PC: But every businessperson wants to do that. It’s just especially prevalent– you know, the lady that bakes pies and starts a business. She just wants to bake pies. And somebody to take care of the business. Well, it doesn’t work that way. So whether you’re a pie-baker, or a doctor, dentist, Indian Chief, whatever you may be, you got to know this stuff.
KM: Whatever you choose to do, you are forced to look at the logistics, bottom line, at some point.
TF: You’re in charge of operations. You’re in charge of your business until you can grow it to the point where you can pay people to do that for you and that’s pretty tough in the mental health field. So yeah, you kind of have to be all things, got to wear all the different hats.
KM: You know, the one thing that I just– the question that came up for me while you were doing the workshop, and I’m just going to ask this to you and just comment on this, Tod, but if a security expert came to your office to do a walkthrough, what would he see or observe, and 2) what would he learn if he interviewed the staff?
PC: And use a barnyard analogy to do it.
TF: (Laughs) Yeah, right.
KM: Regarding patient data, or just things in general. What– how– what takeaways would that security analyst take away with that walkthrough?
TF: You know, it’s interesting. I had not thought about that. We take all the information that we hold for our clients very seriously. Particularly so on the audit staff because we have a lot of confidential information. We have network diagrams. We have data flow diagrams. We have things that a bad guy could use very easily to maliciously attack things. And we treat all of that as if it was patient information or if it was a credit card number. So for instance, on my personal laptop my hard drive is encrypted and then all the information that I have on clients or that I work with is on an encrypted file volume on top of that encrypted drive. So I have double encryption just on my personal laptop. When we’re in the office, to even get on my floor you have to have the right badge access, plus there is somebody at the front desk. So even if you had a badge and got through, if they didn’t recognize you, you’d be stopped before you even got to the offices. All of our offices are locked when we’re not there, and so to get to my office you’d have to have a badge, get past the gatekeeper, and then get the physical key to my office just to get into my office. Even once you’re there, there’s no data there in my office. It’s on my laptop and so we do also have and audit drive or a shared drive where we upload that customer information and that shared drive is also on an encrypted volume and has very limited access, very strict access to that drive. So, you know, we take it very seriously as a security company. We look at those kinds of things. We even have some of our guys that do some tests on things so we found that when we first put in that badge access system that if you took a ruler or a yard stick and you taped a piece of paper to it and slid it under the door and waved it, you could get the door to open. So we do those kinds of analyses on our own stuff, okay? So yeah, it’s kind of like you have, you know, two dozen guys that have been trained to be bad guys looking at your own stuff to make sure that–
PC: A ruler with a piece of paper?
PC: Was the ruler HIPAA compliant?
TF: No, that was the whole point. Yeah.
KM: When you talk about that, I think because clinicians, mental health professionals, are in the taking care of people’s emotional or– you know, their hearts, they also become removed to just the daily technology security issues because they’re not really– it’s not in their everyday world. Like, I’m at a call center and I’m on the floor as a work/life coach. To get to the floor, I had to go through many, many steps to just to get there and I was floored because in my mind I was thinking, “I’m just a work/life coach! I’m not going to take anybody’s stuff.” But I understand why. I get it. The whole world is revolving around lock down, security. We hear about the theft identity stuff, and your point today was, “It’s not just about a little plastic card. It’s about data, the patient information, like the date of birth – you can’t change that.” I mean can you talk about your analogy because I think that’s key.
TF: Oh yeah. I mean we– as a consumer, my credit card gets breached once or twice a year. I have a new credit card issued to me. And so what happens if my credit card information gets lost or stolen, like Target, okay? Or Home Depot. I get a brand new credit card issued to me. It’s a new credit card number. I don’t have to pay anything. It doesn’t cost me anything. I don’t even pay for the shipping to have that card sent to me. So, as a consumer, it’s not a lot of, you know– there’s no skin off my nose if somebody loses my credit card information. However, if somebody loses my patient information, things like my name, my date of birth, my social security number. Those are things that are non-perishable. They can’t be changed. I always make the joke in my presentations, “How many of you would like to change your date of birth?” Well, just about everybody would like to. But we can’t change it. And so once that information has been stolen, there’s no way for us to really backtrack that. There are some things that we can do to kind of help protect us. Things like you can go on the credit bureaus and have them lock your account, which we do and that’s great except that every three or four years I go and buy a car and they decline. They say, “No, I’m sorry you failed the credit check.” And I’m like, “Wait a second. No, I know what my credit it. Don’t be telling me I failed that.” And then it’s the duh moment.
KM: You were the secured guy.
TF: Oh, crap, yeah. I got a lock on it. Okay. One of us has to go home, open up the safe, get the credentials to go and unlock it long enough to run a credit check on us. So there’s a little bit of hassle to that, but it’s far less than the hassle if somebody was to exploit my information. Always, the easy one I think about is the gal that was working in a small clinic, took a picture of something at work and posted it to Facebook. In the background was a computer screen that had some patient information on it. Of course, it was a small town and they knew each other. The patient saw it up on Facebook, called and said, “Hey, what the freak? What are you doing with my data?” And she took it down off Facebook. So it was only up there for an hour.
PC: Why is my mammogram on YouTube?
PC: Oh boy.
TF: And during that hour, somebody had taken her information and gone down and submitted for food stamps.
TF: So it happens all over the place, and these small things are kind of funny to hear about. Funny for us, not so funny for the victims yeah. But those are small instances we know of that there are large breaches happening that we just, we don’t have the tools to realize that they are happening.
PC: But, c’mon, Tod. That stuff really– doesn’t it really always happen to somebody else?
KM: It doesn’t happen to the little guys.
TF: Yeah. You know, it doesn’t happen to me.
KM: Everybody’s after the big guys.
PC: Let me tell you what happened to me about six weeks ago. I get this letter in the mail from the IR-of-S and it’s telling me I’m getting a $10,000 refund.
KM: Oh my.
PC: Actually, it was just short of $10,000, which is a key point. Anyway, somebody had stolen my stuff. They had hacked into one of the online filing system companies, you know.
PC: One of those, yeah. And filed as me so I get that notice in the mail and it says, “Yeah, your 2014 return” and I said, “I haven’t even done it yet.” That was my clue. And so I called and of course I said, “How many of these do you get every year?” Because I only finished the sentence the half way and she finished it for me, and she said, “Oh, thousands of them.”
PC: Yeah. So. I’m not sure what to do yet. I mean, I got that fixed, but my info’s floating around out there somewhere.
TF: Yeah. How do you combat that?
KM: Right. How do you combat that?
TF: You put in credit locks. You monitor your cards. You monitor your credit bureaus. That’s really the things that you can do. You know, it occurred to me this week as I’ve been pondering this because it’s becoming a bigger problem. It’s going to become a bigger problem. And I’m a proponent of smaller government. I really am. But you know, it occurred to me that identity theft is really one of the big issues. I mean, we have health care theft as well with healthcare information they can get prescriptions and procedures done and we’ve got stories about those. I don’t ever remember giving Equifax or Transunion permission to store all this information about me, let alone pass it around to anybody that calls and looks, does a credit check. So to me, we’ve got a disconnect there as a society in that we’ve given these three credit bureaus this massive power without very much responsibility. Yeah, they’ll lock your thing, but they charge you for it. They’ll send you a credit report but they’ll charge you for it. Yeah, they’re mandated to give you a free one, but you can’t get your score with the free one. It just– there’s a real disconnect there as to what they’ve been allowed to get away with and what they really should be allowed.
KM: I have never thought about that.
PC: Disconnect. I’ve got another word for it.
TF: (Laughs) What the freak?
PC: What the freak?
TF: What the freak?
PC: That’s pretty close. Phonetically correct. Okay, but I’m a counselor and I’m on my own and I’m really steamed up because yesterday this HIPAA stuff wasn’t a problem. And today–
KM: It’s a nightmare.
PC: –they’re telling me it’s a problem. “They” is you. You, Kathleen.
TF: It’s actually Tod. Tod’s the one that’s telling you.
KM: It’s Tod.
PC: Blame it on Tod, okay?
KM: I’m just the messenger, man. Back away!
PC: Draw me a picture, a frame, some context. Why is it a problem today and it wasn’t a problem yesterday?
TF: Because our eyes were opened, okay? You know, yesterday our eyes were closed. It was still a problem, we just didn’t recognize it. We didn’t see it. We didn’t know it. The problem has been there. We’re just now starting to shed light on it, so as we’re starting to become educated and we’re starting to understand, that’s where our responsibility really starts to increase because we need to step up and do things about it. The problem has been there. Now, if we go back a little bit further and we say, “Well, what about 10 years ago? Was it a problem?” Yeah, it was a different kind of problem but it was still a problem in that we needed to protect that health information. Back then, AIDS was a much newer thing. It was a bigger deal. If somebody found out that you had AIDS, you know, it was all over the news and you were ostracized and lots of bad things happened around that. But we were all paper then, too – easier to track.
PC: Is ostrich-sized one of those animal things again?
TF: (Laughs) It’s part of the elephant. I’m not sure if it’s between the ribs or the filet.
KM: It’s a zoo.
PC: It’s tied together somehow. Hmm, okay. Sorry, go ahead.
TF: That’s alright. So the nature of the beast has changed a little bit. Technology has made it much easier for the bad guys to spread the information, or for unintended consequences to happen or people just to make mistakes has a bigger ramification.
PC: Is it mostly the societal stuff that’s happened, or is it legislative that’s pushed it and promoted it to the point where it’s a problem? I see it as a problem today as a counselor. Yesterday, it wasn’t a problem but today it’s going to cost me a bunch of money and a bunch of time that I didn’t have to devote in years passed.
TF: Well, again it comes back to, yeah we didn’t have to do that in the past because we weren’t taking responsibility. We didn’t know what we should do to protect that patient information. The legislation is behind the times. It’s playing catch-up based on the breaches, okay? So if we had, as an industry, done a good job of protecting that information so that there was never a breach, then the legislation would never have come out. If we look at the parallel in PCI – yeah they’ve tried several times to legislate things around credit cards, but they really don’t have to because it’s the industry’s policing itself. Strong-arm tactics from VISA and MasterCard, whether you agree or not, are keeping that fraud minimized to a degree because they’re the ones that have to foot the bill on it. Unfortunately, with health information, there’s no way to go back and force the entity that let the data slip to be responsible for it. The victims are responsible for it and that’s why legislation has come about to try to protect the victims.
PC: So this is Target’s fault?
TF: Yeah, absolutely. We blame everything on Target.
KM: Or Home Depot.
PC: What’s wrong with Home Depot?
KM: Didn’t Home Depot have a–
TF: Yeah, Home Depot’s got the bigger breach. Very similar software. I guess you missed the session that we talked about the Home Depot breach, but yeah the Home Depot now is the largest breach on record of PCI.
PC: Say it ain’t so. Say it ain’t so.
TF: I wish. I wish.
KM: It’s just right across the street from Target right here in Dallas.
PC: Well, that’s all fine and well and yicky-poo, but I work in a practice so I don’t have to worry about it. The boss will take care of this. So what’s the problem, right?
KM: That’s a great question, Phillip.
PC: I’m full of it.
PC: What’s he laughing for?
KM: My understanding with this today is that everybody is obligated. Every individual professional, mental health professional, medical professional, is liable or has the due diligence to secure their patient data.
TF: Yes. Every single one of us has a responsibility.
KM: Every individual.
TF: Every individual has a responsibility to do their very best to protect that information, and unfortunately our best in the past hasn’t been very good so.
KM: I’d kind of like to go back to the analogy of the call center, because the employees, while the employer is doing the security compliance and they’re doing the whole security training and what to have on, what not to have on, and all that, and the badges and to get to the call center floor, is the employee still has the due diligence of they can’t bring their cell phones in. They can’t bring their individual laptops in. They are responsible from when they walk out the door until they come back in. This is 24/7 with them because if they have something to do with a breach of some kind, they’re gone.
TF: Now, so as an employee at a call center, what happens if you break those rules?
KM: You’re fired.
TF: You’re fired, right? Now, if we compare that to protecting that information, so there are certain things you should be doing to protect that information. If you don’t protect that information, there’s nobody there to fire you.
TF: Right. And so that’s why the legislation has come into play. That’s why there’s things getting mixed in that, quite frankly, make it difficult for us.
KM: So comment on this, Tod– let me go and get this little thing that I pulled up. Clinicians are usually motivated by relationships, not by fear. And I think the legislative HIPAA, this whole HIPAA security, digital security, is really being legislated out of fear and not trying to have an educational response to, “Hey guys, here’s what’s coming down. Let me do these trainings for the medical profession or the health care industry.” But it’s more the legislation is out of, “We’re going to scare the fool out of you without really trying to have a relationship with providers,” to kind of get them on board.
TF: Yeah, but isn’t that really the norm for government?
KM: Yes, probably.
TF: Unfortunately, it kind of is. The other side of that is that the security rule came out in 2003.
TF: And so it’s not like this just barely surfaced.
KM: It didn’t happen yesterday.
TF: So it’s been adding to it. High Tech came out and Omnibus and, you know, it’s been evolving and they’re starting to put more and more teeth in it. You know, the government did train us to some degree to ignore them. You know, they came out in ’03 and said, “Yeah, we’re going to enforce this,” and they really didn’t. ’05 there was some more changes. They said, “Yeah, we’re going to enforce this,” and they really didn’t. High Tech came out. They said, “Yeah, this time we’re serious and we’re going to enforce it,” and they really didn’t.
KM: Crying wolf. The sky is going to fall.
TF: Yeah, exactly. And so nobody’s really felt that desire or motivation– and, you know, to Phillip’s point – a lot of it is, “It will happen to the other guy. It won’t happen to me,” whether it’s a random audit or a breach. But now we’re finally starting to see that, “We do need to take this seriously.” The Anthem breach, while it’s a very bad thing to lose 80 million records–
KM: You’re talking about Anthem Insurance?
TF: Anthem Insurance, yes. Unfortunately they had already been hit with a fine last year for loss of data. So they’re not new to losing data unfortunately. But, you know, it’s been good in that it sparked a lot of us in this industry to realize, “Hey, you know, this is serious and this information gets out there, it’s really hard.” Some of the things I like to point out and I didn’t today earlier, but take just a minute right now to point out is: We don’t realize how much that could impact patient’s health and safety. You know, if my information gets stolen and somebody does a procedure under my identity and they have an incompatible blood type and the blood type on my record gets changed to that blood type and then I’m involved in a car accident and they pump the wrong blood into me, how does that impact my personal health and safety? It’s a big deal. And so I think as we’re seeing these things come to light, we’re starting to realize, yeah this is really serious. And the actors against us– you know, I talk about organizations in China and North Korea and Russia. These organizations are serious about getting that data and they have the resources to really go after it and it doesn’t matter how big or how small we are. You know, if we have an internet connection, we’re vulnerable and they’re trying to get us.
KM: Yeah, you’re suggesting covert operations are very sinister.
TF: Well, they are unfortunately. They are coming after us and they’re coming after us really hard and really heavy.
KM: And you’re in this and you see this every day.
TF: Oh, I do. I do.
PC: Miss Kathleen, we have time for one more question and then I’m going to wrap it up.
KM: I know what my question is. My question is–
PC: Let’s hear it.
KM: How can you encourage the individual small mental health professional, solo, solo person– or maybe just a one or two colleague kind of practice– what things can you encourage them to do to help protect them?
PC: That was going to be my question, but I was going to say, give me the short, skinny checklist on where I can start and use a chicken in it to do that. Use a chicken in the story.
TF: Use a chicken in it. Okay.
TF: Yeah, a chicken. Oh, my goodness. Yeah, that’s a curve ball. Okay so I’m going to fall back on the DHS three items that they talked about. You know, it’s interesting because they don’t come out very often, but DHS did come out and say, “Look, there’s three things that would have prevented 85% of the breaches.” And those three things are: application whitelisting, which is a little more challenging to do but it can be done, even on the small single provider.
KM: Application whitelisting.
TF: Okay, application whitelisting. Using a non-administrative credential for our day-to-day work. So all of our laptops or PCs, whatever we’re using, don’t log in as the regular default admin account. Create yourself a different user account and use that account. And then the third thing is make sure that you stay up on your security patches, application patches, just keep current with all the patches. Now, those are the three core things to try and get out of the way at first. And my other point would be set aside time every week. It doesn’t have to be a lot of time. You don’t have to put eight hours a week into it, but even 15 or 30 minutes a week that you set aside and you schedule it. As you pointed out earlier, put it in your appointment book just like it’s a patient. I’m going to spend this amount of time, every Monday, every Tuesday, every Wednesday – whatever day of the week you choose – and work on it. Whether it’s educating yourself, whether it’s learning more about how do I do whitelisting, how do I make sure that my patches are up to date, how do I learn about phishing attacks that could be targeting me, and do that on a consistent basis. It’s that eating an elephant a bite at a time – do something and do it on a regular basis.
PC: We’ll take the elephant, okay? I didn’t get a chicken but. Alright, two things, sir. You’re in Addison, Texas, which is actually a giant restaurant.
TF: You know, I couldn’t help but notice that on my way from one hotel to the other was like restaurant row.
PC: Our school district is a restaurant.
KM: Did you know the history with the Addison restaurant venue? You could eat twice every day for a year and still not get to all the restaurants here.
TF: No way. That is incredible.
KM: Yeah, that’s just the whole town of Addison.
PC: And I know all the good spots because I am in perpetual culinary test mode.
KM: Well, Tod has a chance to eat at one last night.
PC: Where did you go?
TF: We went to Chamberlain’s and it was awesome!
PC: Oh, that’s right. That’s right.
TF: Yeah, it was excellent.
PC: There’s a lot of good ones around here, and if you need any advice, let me know.
PC: And the other thing I want to know before we let you get out of here is you’re going to be here for awhile, but I know you’ve got a house full of your own kids and you’re the proud grandpa of three?
TF: That’s correct.
PC: Okay, no names because this is a compliant interview, but tell me about those grandkids.
TF: Three daughters.
PC: Woo hoo!
TF: They’re two years apart, starting at nine years old, seven, and then five. And they are just wonderful. Now, unfortunately my oldest daughter who had these children was a mini-me of my wife, okay? Now we have three mini-mini-mes, okay? So it’s interesting because they each three have different traits from grandma and it’s an interesting combination.
PC: You call them like the M&Ms?
TF: I should! I hadn’t thought about that! The M&Ms.
PC: You got to think about these things, Tod.
TF: Exactly. Well, you know–
KM: That’s a stocking stuffer right there.
TF: Exactly. No kidding.
PC: My five are– I call them the five dirty birds.
TF: It’s better than Angry Birds.
KM: I can’t even talk about grandchildren.
TF: Kick your boys in the butt.
KM: No, I’m good.
PC: You can borrow mine until the feeling goes away.
KM: I need a rest. (Laughs)
PC: Well, sir, this has been fun.
KM: Tod, thank you so much–
TF: Thank you so much for having me.
PC: You bet, thank you.
KM: –for being here in Dallas.
TF: It’s been a pleasure. My pleasure.
KM: And for this extra podcast, and I just wish you the very best.
TF: Thanks, and to you guys.
KM: And so where can people get a hold of you if they want to be educated and maintain a good relationship with a company that can–
PC: Forget educated, we want to spend some money here. If they want to hire this man, where can they find you?
TF: (Laughs) You know what, start out with [email protected] and I’ll help you from there. We’ll figure out the right place for you and we’ll help you get– the big thing is let’s secure that information. Yeah, HIPAA compliance is important, but more important is let’s protect that information.
PC: What about you, lady? Where can we find you?
PC: I’m up the street from you.
KM: Yes. It’s like uptown Addison or something.
PC: That’s right. That’s right. We’re actually a half a mile apart so.
TF: And how many restaurants in between?
PC: About 80? On the right side of the road, yes. Another 80 coming back. Yep yep yep. You can find me at www.contentmarketingcoach.us or if you want to call me BR549 that will work, too. So – it’s a Hee Haw thing, okay?
KM: Okay. I wouldn’t know these things
PC: Say goodnight, Kathleen.
KM: Goodnight, Kathleen.
PC: Goodnight, Kathleen. Thank you, Tod.
TF: Good night.
PC: Appreciate it.
KM: Thank you, Tod.
PC: Thanks for listening, everybody. See you later.
Outro: Thanks for listening. If you found something of value in this show, please tell your colleagues about us. If you have a topic you’d like us to address, or know a subject matter authority that we might like to talk with, simply drop us a note to [email protected] and we’ll take it from there. Thanks again for sitting in with us, and we’ll see you next week.