TIP: Include Red Flags requirements in any new BA agreement


Chris Apgar, CISSP, president, Apgar & Associates LLC, in Portland, OR, has raised a red flag of his own. “The Red Flags Rule requires creditors (which most providers are) to reasonably ensure what HIPAA categorizes as (business associates) to implement their own identity theft protection program for accounts managed by the covered entity,” he says.

The Red Flags Rule (the Rule) became effective May 1, 2008, and is significant for BAs. Apgar recommends a small but important addition to new BA agreements and, if necessary, to existing ones.

The Rule is an amendment to the Fair and Accurate Credit Transactions Act of 2003. The Rule requires financial institutions and creditors with covered accounts to establish identity theft prevention programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft.
