HIPAA Handbooks

  • Privacy and security training for new and seasoned staff
  • 11 staff/setting focus areas
  • Education on protecting PHI
  • New HITECH Act changes
  • Discounts on bulk purchases



  • Role-based training using real-life case scenarios
  • Test-your-knowledge exercises with remediation
  • Post-course test to document staff participation


Other HIPAA Resources

  • Hot-topic audio conferences
  • Books on privacy and security
  • Newsletters
  • e-Newsletter
  • Videos


Archive for October, 2010


EHR disclosures on hard copies

Posted by: | Comments (3)
Email This Post Print This Post

I am a law student, attempting to find if the accounting requirements of EHR disclosures made for purposes of treatment, payment, and operations apply to hard copies as well.

Example: Some insurance companies don’t take electronic copies, so if a hospital prints a copy of an EHR to send off, would that need to be accounted for?

Thank you for your time.

Allison Hay

Categories : EHRs, HIPAA Q&A
Comments (3)

Q: Can mobile phones and smartphones be used to communicate patient information?

A: If the mobile phone or smartphone is used to call another provider and share patient information, this is generally considered permissible and not a significant risk, as long as users reasonably ensure that unauthorized individuals cannot overhear the phone conversation. On the other hand, if the mobile phone or smartphone is used to send patient information via text message, it can be a security risk because text messages are not usually encrypted. After conducting a HIPAA-required risk analysis, the provider may decide, that text messaging is important to providing quality care, and therefore elect to accept the risk. This would not be a violation of the HIPAA Security Rule as long as the provider documents the decision to accept the risk and the reasons why. However, if there is a breach and an unauthorized individual intercepts the text message including PHI, this would be a breach of unsecure PHI and the breach notification interim final rule would apply.

Editor’s note: Chris Apgar, CISSP, president of Apgar & Associates, LLC, in Portland, OR, answered these questions.

Categories : Compliance Monitor
Comments (0)

The Office for Civil Rights (OCR) and the Substance Abuse and Mental Health Services Administration (SAMHSA) will conduct their second joint discussion on the study, “Confidentiality and Privacy Issues Related to Psychological Testing Data” November 18 in Los Angeles.

The HIPAA Privacy Rule includes special protections relating to the use and disclosure of psychotherapy notes. The discussion will focus on whether these special protections also apply to “test data that is related to direct responses, scores, items, forms, protocols, manuals or other materials that are part of a mental health evaluation.”

For more information on the event, visit the OCR website.

Comments (0)

Can I leave messages (e.g. “this is a reminder your surgery is tomorrow and remember nothing to eat or drink after midnight”) on answering machine or cell voicemail? We only leave the message on answering machines or cell voicemails if they state their name.

Is this a HIPAA violation?

Categories : HIPAA Q&A
Comments (2)

Seventy-three defendants—including alleged members of an Armenian-American crime syndicate called Mirzoyan-Terdjanian—have been indicted for crimes involving more than $163 million in fraudulent billing of Medicare and insurance companies across the nation, the U.S. Department of Justice says.

The announcement came Wednesday after indictments were unsealed in California, Georgia, New Mexico, New York and Ohio. Law enforcement officials in the national, multi-agency investigation reported 52 arrests on Wednesday, in what the DOJ says is the largest prosecution of a Medicare fraud scheme committed by one criminal enterprise.

The defendants are charged with highly-organized, multi-million dollar schemes to defraud Medicare and insurance companies by submitting fraudulent bills for medically unnecessary treatments, or treatments that were never performed, DOJ alleges.

According to the indictments, the defendants allegedly stole the identities of doctors and thousands of Medicare beneficiaries and operated at least 118 different phony clinics in 25 states that submitted bogus Medicare reimbursement claims.

“The international organized crime enterprise known as the Mirzoyan-Terdjanian, fleeced the healthcare system through a wide-range of money making criminal fraud schemes,” says Kevin Perkins, FBI assistant director of the Criminal Investigative Division.

“The members and associates located throughout the United States and in Armenia, perpetrated a large-scale, nationwide Medicare scam that fraudulently billed Medicare for more than $100 million of unnecessary medical treatments using a series of phantom clinics,” Perkins said. “We want to restore the confidence in the nation?s healthcare system and assure practitioners we will not stand by and let their identities be used for criminal gain.”

Acting Deputy Attorney General Gary G. Grinder said the emergence of the Mirzoyan-Terdjanian operation “signals a dangerous expansion that poses a serious threat to consumers as these syndicates are willing to exploit almost any program, business or individual to earn an illegal profit.”

Here is the breakdown for the defendants:

  • Forty-four defendants were charged in two indictments unsealed Wednesday in New York with racketeering conspiracy and conspiracy to commit: healthcare fraud, bank fraud, money laundering, fraud in connection with identity theft, credit card fraud and immigration fraud.
  • Seven defendants were charged in New Mexico with healthcare fraud, mail fraud, wire fraud, money laundering conspiracy, money laundering, forfeiture and aggravated identity theft.
  • Six defendants were charged in Georgia with healthcare fraud, conspiracy to commit healthcare fraud, money laundering conspiracy and aggravated identity theft.
  • Six defendants were charged in Ohio with healthcare fraud, mail fraud, conspiracy to commit mail fraud, wire fraud, conspiracy to commit money laundering and aggravated identity theft.
  • Ten defendants were charged in two indictments in California with conspiracy to commit bank fraud, bank fraud, money laundering, conspiracy to launder monetary instruments, criminal forfeiture, aggravated identity theft, aiding and abetting, and causing an act to be done.

Federal prosecutors say Mirzoyan-Terdjanian is named for its leaders, Davit Mirzoyan and Robert Terdjanian. The gang is based in Los Angeles and New York, and its operations extend throughout the United States and internationally.

Among the defendants charged with racketeering is Armen Kazarian, who is alleged to be a “Vor,” a term translated as “Thief-in-Law,” which refers to a member of a select group of high-level criminals from Russia, Armenia, and other countries that had been part of the former Soviet Union. This is the first time a Vor has been charged with racketeering, and the first time since 1996 that a Vor has been arrested on a federal charge.

Comments (0)