
Archive for January, 2012


Dealing with data breaches


This article by Greg Freeman appeared on the HealthLeaders Media website January 23 and in the January 2012 issue of HealthLeaders Magazine.

You pick up the phone and someone tells you that a laptop containing thousands of patient files was left behind on the morning train. Or you learn that your own employees have been snooping into sensitive patient records for fun and profit. Or you discover that, for some odd reason, patient records have been posted on a completely unrelated public website for anyone to see, and they’ve been there for nearly a year.

Each of these scenarios has played out for some unfortunate healthcare executive, and they hold lessons in how to avoid such disasters, plus the best way to respond to such a crisis. Some of the most notorious HIPAA violations occurred within the UCLA Health System at the UCLA Medical Center, where singer Britney Spears was hospitalized in early 2008.

After the Los Angeles Times reported that employees had been caught perusing Spears’ records with no legitimate reason, the hospital confirmed the HIPAA violations, fired 13 employees, and took disciplinary action against others. It also suspended six physicians.

Read more on HealthLeaders Media.


InfoLawGroup, LLC, began a three-part series June 11, 2011 that discusses security concerns and legal risks in the social media environment. The three-part 2011-2012 legal implications series for social media, authored by lawyer David Navetta in the Denver office of InfoLawGroup, LLC, includes:

  • Part 1: The Basics
  • Part 2: Privacy
  • Part 3: Data security

Navetta, in his final post in the series, says three main security-related issues pose potential legal risks:

  • Accessing social media sites from company computers or personal computer devices connected to company networks that store sensitive company data, leading to potential malware, phishing, and social engineering attacks that result in security breaches and legal liability
  • Spoofing and impersonation attacks on social networks that pose legal risks: i.e., fake fan pages or fraudulent social media personas that appear to be legitimately operated
  • Information leaks resulting in an adverse business and legal impact when confidential information is compromised

For more on social media, check out our posts on HIPAA Update.

A federal judge sentenced an Atlanta man to 13 months in prison January 10 for intentionally accessing a competing medical practice’s computer without authorization in order to send marketing materials to patients, according to a U.S. Attorney’s office release.

Eric McNeal, a 38-year-old IT specialist, accessed the computer owned by A.P.A., a perinatal medical practice in Atlanta and his former employer, according to United States Attorney for the Northern District of Georgia Sally Quillian Yates. After leaving A.P.A. in November 2009, McNeal joined a competing practice located in the same building.

McNeal downloaded the names, telephone numbers, and addresses of A.P.A.’s patients, and then deleted all the patient information from A.P.A.’s system in April 2010. McNeal then targeted those patients with a direct-mail marketing campaign for his new employer, according to federal officials.

An HHS task force recommends that if the government encourages and helps develop health text messaging and mobile health programs, it should also look into the privacy and security concerns.

On Jan. 26, the task force recommended that HHS conduct “further research” into the privacy and security risks associated with text messaging of health information and establish guidelines for managing such privacy/security issues.

“The exchange of health information via text messages raises privacy and security issues specific to this medium,” the task force wrote in an HHS release. “Text messaging programs may be subject to numerous privacy and security laws, including [HIPAA’s] privacy and security rules.”

HHS says in recent years, mobile health technologies have seen the expansion of:

  • Health text messaging
  • Mobile phone apps
  • Remote monitoring
  • Portable sensors

These “have changed the way healthcare is being delivered in the U.S. and globally,” according to the HHS release.

According to HHS, the task force was charged with helping identify ongoing initiatives and proposals for the delivery of health information via mobile phones.


A federal grand jury in the District of Puerto Rico indicted 10 individuals on 39 counts of conspiracy to commit healthcare fraud for nearly $2 million, according to a January 19 OIG press release. Among those indicted were Gilberto Gómez, president of Monte Mar Health Corporation, PROMEDS Medical Inc., and Quality Care Medical Supply, and his wife Yolanda García-Rodríguez, president of PROMEDS, secretary/treasurer of Monte Mar, and official at Quality.

Court documents indicate that between November 2008 and May 2010, Monte Mar Health Corporation submitted approximately 1,518 fraudulent claims for durable medical equipment (DME) resulting in a total of $1,440,597.65 in Medicare payments.

Gómez purchased PROMEDS in March 2010 and submitted approximately 359 fraudulent claims to Medicare for DME, which resulted in payments from Medicare totaling $335,493.12.

Lastly, Gómez purchased Quality and, from October 2010 to May 2011, submitted false claims to Medicare and received $180,657.77 in payments. Ultimately, Medicare paid a total of $1,956,750.54 to the three companies.

The defendants could face up to 10 years in prison for the healthcare fraud and a fine of up to $250,000.

Read more on the OIG website.
