
Archive for February, 2013

If you can’t beat OCR, join them.

The HIPAA privacy and security enforcer is advertising open Health Information Privacy Specialist positions. The positions are available in the Department of Health and Human Services (HHS), Office of the Secretary, OCR, and the Office of the Deputy Director Health Information Privacy (ODDHIP) in Washington, DC.

OCR is seeking experience in privacy and security compliance and enforcement as well as in the areas of policy, outreach, and health information technology systems.

For more information on these positions, go to http://www.usajobs.gov/ and enter the corresponding job announcement number.

Titles and job announcement numbers:

  • Health Information Privacy Specialist, GS-0301-13/14: HHS-OS-MP-13-846340
  • Health Information Privacy Specialist, GS-0301-13/14: HHS-OS-DE-13-846235

The open period for these positions is Wednesday, February 27, 2013 to Tuesday, March 12, 2013.

Categories : Uncategorized

According to the HIPAA Blog, OCR will be focusing its HIPAA compliance oversight on entities that have a long history of noncompliance.

“Entities that can demonstrate efforts to create and nurture a ‘culture of compliance’ will come out of audits looking good,” according to the blog. “Entities that violate HIPAA in ways that raise a high risk of data breaches (such as with mobile devices) will bear the brunt of OCR’s enforcement activities, which will definitely be stepped up after publication of the Omnibus Rule. And if you don’t have policies and procedures in place, you will pay penalties.”

The blog picked up the tip from BNA.

Categories : OCR

A Johns Hopkins gynecologist who turned up dead Feb. 18 may have photographed and videotaped his patients without permission, according to a report in The Baltimore Sun.

Nikita A. Levy, 54, was let go by Johns Hopkins Medicine earlier this month after a colleague alerted security staff to the allegations, hospital officials said. They said Levy had been capturing images of patients with personal photo and video equipment, according to The Sun.

Levy worked at Hopkins’ East Baltimore Medical Center for more than two decades.

A hospital spokesperson said Levy’s alleged behavior violated Hopkins’ code of conduct and privacy policies and was “against everything for which Johns Hopkins Medicine stands.”

Police officials say the death is being investigated as a suicide. No gun or knife was used. His body was to be taken to the state Office of the Chief Medical Examiner for an autopsy.

Comments (0)

U.S. Congressmen have written the HHS Secretary for clarification on how the HIPAA Privacy Rule restricts states from producing information that stems from background checks on mentally ill patients. The letter says the House’s Committee on Energy and Commerce is examining “a range of problems and issues” stemming from the Newtown, Conn., school shooting tragedy in December.

They want to know exactly how HIPAA affects the ability of state and local governments to share mental health records with the National Instant Criminal Background Check System (NICS).

Categories : HIPAA privacy

More thoughts on the HIPAA omnibus final rule from Rebecca Herold, CISSP, CIPP/US/IT, CISM, CISA, FLMI, partner in Compliance Helper and CEO of The Privacy Professor of Des Moines, IA:

“As Kathleen Sebelius indicated in her announcement, the changes truly do help to address technology advances in a better way,” Herold says. “At the same time, those changes bring with them the importance of having the folks who are managing the compliance to also have a strong understanding of information security concepts, information technologies, privacy principles, and then being able to make consistent risk assessments for how all those topics fit in with each of their own, unique work environments.”

HIPAA compliance has to move beyond just the checklist activity that most CEs and BAs have been doing, Herold says.

“They now need to add critical thinking and analysis skills to be able to identify when and where safeguards are needed to protect PHI, when an incident is actually a privacy breach, when a privacy breach necessitates notice, and a wide range of other compliance related decisions.”
