CMS security audit findings


CMS’ 2008 audits revealed six areas where covered entities (CE) struggle to comply with the HIPAA Security Rule:

  • Risk assessment
  • Currency of policies and procedures
  • Security training
  • Workforce clearance
  • Workstation security
  • Encryption

CMS’ audit report also detailed corrective actions organizations took to resolve problems. OCR now has responsibility for enforcing the Security Rule.

Check out these PDFs for the full CMS report.



  1. Frank Ruelas says:

    The first bullet, risk assessment and analysis, is not a surprise at all and is consistent with what I am seeing in my interactions with covered entities of all sizes and configurations.


  2. Linda Kristie says:

    Do you have the paper referenced in the Analysis and Summary of Results documents on page 3? It is titled “Basics of Risk Analysis and Risk Management”. CMS provided the paper in a security series but the link in the document is not working. (I have searched their site with no luck.)

  3. Frank Ruelas says:

    Thanks MillCreek!

