HIPAA Handbooks

  • Privacy and security training for new and seasoned staff
  • 11 staff/setting focus areas
  • Education on protecting PHI
  • New HITECH Act changes
  • Discounts on bulk purchases



  • Role-based training using real-life case scenarios
  • Test-your-knowledge exercises with remediation
  • Post-course test to document staff participation


Other HIPAA Resources

  • Hot-topic audio conferences
  • Books on privacy and security
  • Newsletters
  • e-Newsletter
  • Videos



HIPAA Q&A: Clinical note to wrong provider

Email This Post Print This Post

Q. We inadvertently sent a clinical note to the wrong healthcare provider. Must we conduct a risk analysis of this disclosure even if is not a reportable breach? We documented the inadvertent disclosure in the patient’s electronic health record, but must we do more?

A. Your documentation should include a brief risk analysis, such as: “Minimal risk of harm to patient because information was disclosed to another staff physician, who also must comply with privacy regulations.”

Editor’s note: Mary D. Brandt, MBA, RHIA, CHE, CHPS, a nationally recognized expert on patient privacy, information security, and regulatory compliance, answered this question. Brandt is associate executive director of HIM at Scott & White Healthcare in Temple, TX. Some of her publications were used as a basis for HIPAA privacy regulations. Advice given is general. Readers should consult professional counsel for specific legal, ethical, or clinical questions.

Leave a Reply