HIPAA Handbooks

  • Privacy and security training for new and seasoned staff
  • 11 staff/setting focus areas
  • Education on protecting PHI
  • New HITECH Act changes
  • Discounts on bulk purchases



  • Role-based training using real-life case scenarios
  • Test-your-knowledge exercises with remediation
  • Post-course test to document staff participation


Other HIPAA Resources

  • Hot-topic audio conferences
  • Books on privacy and security
  • Newsletters
  • e-Newsletter
  • Videos



HIPAA Q&A: Who is accountable for unshredded PHI?

Email This Post Print This Post

Q. Our family practice recently allowed a cosmetic laser procedure practitioner to share our space. Our physician is now that practitioner’s medical director. If the laser procedure component of the business does not shred PHI, can the family practice “landlord” be held accountable or equally as liable for any HIPAA violations?

A. Your exposure is a result of your physician’s status as medical director of the laser procedure practice. As medical director of the laser practice, your physician may be held liable for unauthorized disclosures of PHI. As medical director, your physician should ensure that the laser practice provides appropriate protection for PHI.

Editor’s note: Mary D. Brandt, vice president, health information management, at Scott &White Healthcare, Temple, TX, answered this question. She is a nationally recognized expert on patient privacy, information security, and regulatory compliance, and her publications provided some of the basis for HIPAA’s privacy regulations. Advice given is general. Readers should consult professional counsel for specific legal, ethical, or clinical questions.

Categories : HIPAA Q&A

Leave a Reply