Archive for April, 2011

As if the healthcare community didn’t know by now.

This story out of Rhode Island illustrates the ongoing problem that no information — especially medical — is safe and confidential when you roll it out there on social networking services.

Tomorrow, check out our checklist for making sure you’re covered when it comes to social media, patient confidentiality and your hospital.


Here is a quick checklist of questions to ask regarding a social media policy at your hospital. It is provided by Phyllis Patrick, MBA, FACHE, CHC, and business partner Angel Hoffman, RN, MSN, cofounders of the AP Health Care Compliance Group:

  • Is your primary interest restricting or enabling the use of social media?
  • Does your organization view social media as a highly effective information gateway?
  • Have you asked your workforce how the organization can take advantage of the benefits of social media and avoid the pitfalls?
  • Have you developed a strong business case for social media use, supported at the appropriate level for each department and functional area, considering the organization’s mission, vision, and values; possible threats; technical capabilities; and potential benefits?
  • Does your IT staff understand that the goal should not be to say “no” to social media, but to follow good security guidance, with effective and appropriate security and privacy controls?
  • Does your organization have a policy addressing social media?
  • Does the policy reflect the viewpoints and needs of various stakeholders (e.g., patient care, research, education)?
  • How does the policy support the mission, vision, and values of your organization?
  • How does the policy affect your relationship with business partners and vendors/contractors?
  • How do you conduct training on the appropriate use of social media (on- and off-site)? Are you including appropriate use of social media in your overall security and privacy awareness training program?
  • How will you capture social media traffic and audit, analyze, and use it for security and privacy investigations, as appropriate?
  • Have you reviewed the Financial Industry Regulatory Authority’s (FINRA) Regulatory Notice 10-06, Guidance on Blogs and Social Networking Web Sites, to determine its applicability to your organization and how you might use its recommendations to strengthen your organization’s social media program? (Note: FINRA provides guidance on the responsibilities of companies to supervise the use of social networking sites. You can find the guidance at http://tinyurl.com/yexukyv.)
  • How does your organization plan to use social media to generate new strategies, engage, and learn?

Editor’s note: This checklist was published in the January 2011 edition of the HCPro, Inc. newsletter, Briefings on HIPAA.


Ed Bennett’s Hospital Social Network List points out some facts you may be trying to ignore:

  • 719: Number of hospitals with Facebook pages
  • 674: Number of hospitals with Twitter accounts
  • 448: Number of hospitals with YouTube channels

As of January, more than 900 hospitals were using 3,000-plus social networking sites. Those facilities make up just 15% of U.S. hospitals, but it’s a percentage worth noting, says Bennett, Web strategy director for the 757-licensed-bed University of Maryland Medical Center in Baltimore.

“It’s a fundamental change in how people are using the Internet,” he says. “There’s been a fundamental shift. People are spending more of their time in social media spaces. Any organization, whether it’s a hospital or commercial organization, should be giving this some thought.”

That HealthLeaders Media piece reminds us that privacy and security officers must be vigilant in protecting patient information in the age of social networking. See the post above, “Be careful what you post on Facebook,” for a checklist to ensure your social media policy is robust.

Dig in to these hospital social networking numbers


John Commins, for HealthLeaders Media

Two medical office workers in south Florida have been indicted on HIPAA violations and related charges for their alleged roles in an identity theft ring that used stolen patient information to access their bank and credit card accounts, federal prosecutors said.

According to the indictment, defendants Erica Hall, 27, and Sharelle Finnie, 22, worked as office assistants at two separate medical offices in Coral Springs and Fort Lauderdale, respectively. The pair allegedly swiped patient information, including names, dates of birth, social security numbers, and other medical information, and sold it to co-conspirators. If convicted of the HIPAA violations, Hall and Finnie each face a maximum statutory term of 10 years in prison, federal prosecutors said.

Ten other alleged members of the theft ring – all Florida residents – also were indicted on bank fraud, identity theft, and related charges, including:

  • Jasmin Rembert, 33, of Miramar;
  • Rufus Bethea, 30, of Hollywood;
  • Bianca Cook, 21, of Lauderhill;
  • Courtney Gissendanner, 28, of Hollywood;
  • Brandi Johnson, 39, of Miramar;
  • Demarcus Hough, 30, of Ft. Lauderdale;
  • Darren Baldwin, 43, of Ft. Lauderdale;
  • Aaron Hough, 30, of Hollywood;
  • Minnie Powell, 49, of Pembroke Pines;
  • Eloise Sermons, 24, of West Park.

Sermons, Cook, and Hough remain at large.

Gissendanner was identified by prosecutors as the alleged ringleader. He would use the stolen information to illegally add himself and others as “authorized users” on the victims’ credit card and bank accounts. The defendants then used the stolen personal identification information to empty their bank accounts and run up credit card charges as high as $128,000 in one case.

Prosecutors said Rembert worked at the Broward County School Board in the teacher certification department, where she had access to – and allegedly stole and sold – sensitive personal identification information from teacher certification databases.

If convicted of conspiracy to commit bank fraud, the defendants each face a maximum statutory term of 30 years’ imprisonment. If convicted of conspiracy to commit access device and identity theft, the defendants each face a maximum statutory term of five years’ imprisonment. If convicted of the substantive counts of access device fraud, the defendants each face a maximum statutory term of 10 years’ imprisonment.

Categories : HIPAA Violations

How often do you read the Federal Register?

  • Daily
  • Weekly
  • Monthly
  • Only when something big comes out
  • Never

To submit your answer, go to “Quick Poll” at HCPro’s Corporate Compliance Web site.

Categories : Compliance Monitor

John Commins, for HealthLeaders Media

Farzad Mostashari, MD, has been named National Coordinator for Health Information Technology, effective immediately. He replaces David Blumenthal, MD, who is returning to Harvard University after leading the Office for the past two years, the Department of Health and Human Services announced.

Mostashari joined the Office of the National Coordinator in July 2009, serving as deputy national coordinator for the office, which is within the Department of Health and Human Services, said ONC in a media release.

Before that, Mostashari served at the New York City Department of Health and Mental Hygiene as assistant commissioner for the Primary Care Information Project, where he helped adopt prevention-oriented HIT used by more than 1,500 providers in underserved communities, ONC said.

Mostashari also led the NYC Center of Excellence in Public Health Informatics and an Agency for Healthcare Research and Quality-funded project that focused on quality measurement at the point of care. Before that, he established the Bureau of Epidemiology Services at the NYC Department of Health, charged with providing epidemiologic and statistical expertise and data for decision making to the health department, ONC said.

Trained at the Harvard School of Public Health and Yale Medical School, with an internal medicine residency at Massachusetts General Hospital, Mostashari completed the Centers for Disease Control and Prevention’s Epidemic Intelligence Service.

Mostashari was among the first developers of real-time electronic disease surveillance systems and acted as a lead investigator in the outbreaks of West Nile Virus and anthrax in New York City, ONC said.

Categories : HHS