Archive for March, 2013

A Massachusetts state college suffered a breach of personal information of as many as 25,000 past and present employees after one of the college’s computer servers was infected with a virus, the Gloucester Daily Times reported March 16.

Salem State University sent notification to the current and former school employees whose information was on the infected server. The breach affects people who have received a paycheck from the university — from full-time staff to students who were employed on campus.

Salem State is offering to pay for one year of ID protection services through Experian for those affected and mailed letters last week to everyone whose information was on the affected server.

Salem State includes roughly 10,000 undergraduate and graduate students. As of fall 2011, the university had a total of 1,376 full- and part-time faculty and staff.

Categories : Uncategorized

Though OCR would not provide an update on an investigation into the nation’s largest drugstore chain for potential HIPAA violations, it did confirm to HIPAA Update earlier this year that an investigation exists.

An OCR spokesperson declined to offer commentary when asked about its investigation into Walgreens but said, “OCR cannot comment on this investigation at this time,” in a January 17 e-mail to HIPAA Update, sent the same day the privacy and security enforcer released the HIPAA mega rule.

The investigation is a continuation of one that cost the industry’s second- and third-largest chains millions of dollars in settlements.

In August of 2010, OCR confirmed its investigation into Walgreens based on the same television media reports that led to million-dollar settlements with CVS and Rite Aid for potential HIPAA violations.

The HIPAA privacy and security rule enforcer’s investigation into CVS and Rite Aid began September 27, 2007, according to each pharmacy chain’s consent agreement with the Department of Health & Human Services. The agreement included a $2.25 million settlement for CVS (announced February 18, 2009) and a $1 million payment by Rite Aid (announced July 27, 2010) with HHS.

Though neither consent agreement mentioned an investigation into Walgreens, OCR confirmed in 2010 that it is looking into the HIPAA compliance practices of the Deerfield, IL, company.

Walgreens operates the largest number of drugstores in the country, ahead of No. 2 CVS and No. 3 Rite Aid.

HHS’s consent agreements with CVS and Rite Aid revealed that the pharmacies disposed of pill bottles and prescriptions that included protected health information in trash containers without proper safeguards.

WTHR, the Indianapolis television outlet that broke the story of the improper disposal practices after a nationwide “dumpster-diving” investigation, reported that Walgreens was one of the pharmacies where it found PHI in Dumpsters easily accessible to the public.

In addition to paying HHS $1 million, Rite Aid signed a consent order with the Federal Trade Commission (FTC) to settle potential violations of the FTC Act and agreed to report compliance efforts to the FTC for 20 years.

Categories : HIPAA News, OCR

A national phone company is introducing the first national service enabling doctors to securely exchange medical records on any type of computer, Bloomberg reported March 4.

A dozen U.S. hospital systems and other clients tested the system created by Verizon earlier this month. Under the program, medical providers who pay a monthly fee will be able to share data, texts and e-mails while still meeting U.S. privacy standards.

Categories : EHRs

Google admitted it secretly collected medical information — along with e-mail, financial records, and passwords — by data-scooping from millions of unencrypted wireless networks during its Street View mapping project, The New York Times reported March 12.

The settlement came after a case brought by 38 states involving the project. Google now for the first time must aggressively police its own employees on privacy issues and explicitly tell the public how to fend off privacy violations like this one, The Times reported.

Google agreed to pay $7 million.

Categories : HIPAA News

HHS says this year it will accelerate health information exchange (HIE) and build a seamless and secure flow of information essential to transforming the healthcare system.

This year, HHS will:

  • Set aggressive goals for 2013: HHS is setting the goal of 50 percent of physician offices using electronic health records (EHR) and 80 percent of eligible hospitals receiving meaningful use incentive payments by the end of 2013. 
  • Increase the emphasis on interoperability: HHS will increase its emphasis on ensuring electronic exchange across providers. It will start that effort by issuing a request for information (RFI) seeking public input about a variety of policies that will strengthen the business case for electronic exchange across providers to ensure patients’ health information will follow them seamlessly and securely wherever they access care. 
  • Enhance the effective use of electronic health records through initiatives like the Blue Button initiative. Medicare beneficiaries can access their full Medicare records online today. HHS is working with the Veterans Administration and more than 450 different organizations to make healthcare information available to patients and health plan members. HHS is also encouraging Medicare Advantage plans to expand the use of Blue Button to provide beneficiaries with one-click secure access to their health information. 
  • Implement Meaningful Use Stage 2: HHS is implementing rules that define what data must be able to be exchanged between Health IT systems, including how data will be structured and coded so that providers will have one uniform way to format and securely send data. 
  • Underscore program integrity: HHS is taking new steps to ensure the integrity of the program is sound and technology is not being used to game the system. For example, it is conducting extensive medical reviews and issuing Comparative Billing reports that identify providers.

The goals build on the significant progress HHS and its partners have already made on expanding health information technology use. EHR adoption has tripled since 2010, increasing to 44 percent in 2012, and computerized physician order entry has more than doubled (increased 168 percent) since 2008.

Categories : HHS