HIPAA Handbooks

  • Privacy and security training for new and seasoned staff
  • 11 staff/setting focus areas
  • Education on protecting PHI
  • New HITECH Act changes
  • Discounts on bulk purchases



  • Role-based training using real-life case scenarios
  • Test-your-knowledge exercises with remediation
  • Post-course test to document staff participation


Other HIPAA Resources

  • Hot-topic audio conferences
  • Books on privacy and security
  • Newsletters
  • e-Newsletter
  • Videos


Archive for October, 2012

An Ohio health system fired several employees who inappropriately viewed a single patient’s medical record and violated HIPAA, according to an October 30 report in the News Herald.

A routine audit of electronic medical records at the Lake Health health system in the Cleveland area led to the discovery. The patient’s record was randomly selected.

Lake Health did not say how many employees it fired but said several were terminated.

“Patient privacy is the bedrock of what we do,” Gary Robinson, vice president of government and community affairs for Lake Health, told the News Herald. “If patients don’t feel comfortable giving us information, it compromises us giving them the best care. We take patient privacy extremely seriously and we won’t tolerate a breach of a patient’s privacy.”

Comments (0)

OCR has confirmed an investigation into a medical center that left patient records exposed in its abandoned facility that shut down six years ago, according to an October 20 report from Trib Local Media.

The abandoned records at Monsour Medical Center in Jeannette, PA, were discovered this month when Jeannette city attorney Scott Avolio inspected parts of the trash-filled complex with a Tribune-Review reporter and photographer.

“These records are readily accessible,” Avolio said. “There’s definitely sensitive information here.”

The hospital closed in 2006 because of a number of failed state inspections. The city does not have the $250,000 to $1 million needed to demolish it, according to the report.

The patient records left in the facility included names, addresses, diagnoses, detailed treatment plans, insurance information, dates of birth and Social Security numbers.


Comments (0)

Blount Memorial Hospital in Maryville, TN, has informed patients on its website of the theft of a hospital laptop containing registration records of about 27,000 patients.

The laptop was reported stolen from an employee’s home on August 25 and has not yet been recovered. Although the laptop was password-protected and contained no medical information, it did contain some patient and responsible party non-medical information.

The information included two groups of patients:

  • 22,000 patient records listing patient name, date of birth, responsible party  name, patient address, physician name and billing information
  • Approximately 5,000 patient and responsible party records with the information above and other non-medical information, including social security numbers

At this point, hospital officials say they have no reason to believe that this information has been accessed or used improperly. The hospital is helping patients with ways to protect their personal information from any harm.


Comments (0)

We are in the process of adding an orthopedic clinic to our clinic system. They have a room where they may be seeing five people at a time. This is for re-checks after surgery, etc.

The physicians and staff do discuss treatment plans with the patients and obviously the other patients can hear it.

Is this OK?

Categories : HIPAA Q&A
Comments (1)

Halfway to 1,000.

OCR, the HIPAA privacy and security enforcer, has reported 502 patient-information breaches affecting 500 or more individuals.

OCR added the breaches to its breach notification website. The total number of breach reports of this kind reached 477 as of early August.

OCR began posting the breaches per HITECH in February 2010. In two years and about seven months, OCR has reported an average of about 16 breaches per month, or one every other day. The breaches date back to September 2009 but began appearing online in February 2010.