HIPAA Handbooks

  • Privacy and security training for new and seasoned staff
  • 11 staff/setting focus areas
  • Education on protecting PHI
  • New HITECH Act changes
  • Discounts on bulk purchases



  • Role-based training using real-life case scenarios
  • Test-your-knowledge exercises with remediation
  • Post-course test to document staff participation


Other HIPAA Resources

  • Hot-topic audio conferences
  • Books on privacy and security
  • Newsletters
  • e-Newsletter
  • Videos


Archive for July, 2013

Privacy rights under HIPAA can catch up with you. In this case, it caught up with Walgreens to the tune of $1.44 million.

An Indiana jury awarded a woman that sum after it determined Walgreens and its pharmacist violated her privacy by sharing her prescription history, according to www.indystar.com

According to the lawsuit, filed in Marion Superior Court, pharmacist Audra Peterson inappropriately accessed Abigail Hinchy’s prescription information and shared the confidential information.

“As a provider of pharmaceutical service, defendant Walgreens Co. owes a non-delegable duty to its customers to protect their privacy and confidentiality of its customers’ pharmaceutical information and prescription histories,” Hinchy said in the lawsuit.

Hinchy is the ex-girlfriend of Peterson’s husband. The pharmacist shared the private information with her husband.

“We take seriously our responsibility to safeguard the privacy of medical records in our possession,” the company told www.indystar.com. “The pharmacist in this case admitted she was aware of our strict privacy policy and knew she was violating it. She was appropriately disciplined for her action.”

Walgreens says it plans to appeal the ruling, calling it a “misapplication of the law to hold an employer liable for the actions of one employee who knowingly violates company policy.”

Comments (2)

A 2009 tragedy that occurred in a high school weight room is raising questions about patient privacy rights under HIPAA.

The wife of a high school football coach who died at the hands of a former player testified before Congress in April and urged legislators to update HIPAA in a way that could prevent further tragedies.

Football coach Ed Thomas was murdered in June 2009 by a former player who walked into a summer training session at Aplington-Parkersburg High School in Parkersburg, Iowa, and emptied his gun at close range. The coach died on the way to the hospital and the former player, 24-year-old Mark Becker, was sentenced to life in prison in 2010.

Purchase the full Briefings on HIPAA July article or learn more about the newsletter.

Categories : HIPAA privacy
Comments (0)

A West Virginia woman is suing a healthcare organization for releasing some of her PHI to her husband while she was pregnant, according to The West Virginia Record

Savannah Murphy’s June 28 suit claims Marshall Obstetrics & Gynecology shared PHI with her husband as she was going through a divorce. The healthcare facility’s actions compromised her privacy and caused her damages.

Comments (0)

OMG at the OMIG

Posted by: | Comments (0)
Email This Post Print This Post

An Office of the Medicaid Inspector General (OMIG) employee was accused of independently sending 17,743 Medicaid recipient records to his or her personal email account. The employee has been placed on administrative leave during the investigation.

After taking a peek at the OMIG press release, I am inviting folks to a conversation or discussion on particular aspect of this incident in answering the following question: What technical safeguard does your organization have in place that may have detected this type of activity?

My guess is that many folks do not have any such technical safeguard. I am guessing MANY folks have an administrative safeguard such as a policy that prohibits this type of activity, but I am looking to see what others have done in the technical range.

What I have done to detect such activity is to restrict the emailing of any messages and attachments to popular public email sites. Note that the objective here is certainly not to be able to capture all such outgoing activity, because that would be a very difficult task and one that I can easily show is impractical to catch all possibilities.

But this has worked well, given how many folks often use personal email addresses from sites such as gmail.com, hotmail.com, yahoo.com, live.com, msn.com, etc.

Since email servers easily can track all outgoing email addresses, I think most people would be very surprised to find out that if they pulled outgoing address data from their systems, they would realize just how many emails are going out from the organization to these more popular email domains.

I have installed several other technical safeguards, but I’d like to hear from other folks and hear their experience with these.

Categories : Unsecure PHI
Comments (0)

On July 17, CMS released new data that demonstrate that doctors and hospitals are using EHRs to provide more information securely to patients and are using that information to help manage their patients’ care, according to a CMS website release.

Approximately 80% of eligible hospitals and more than 50% of eligible professionals have adopted EHRs and received incentive payments from Medicare or Medicaid.

By meaningfully using EHRs, doctors and other healthcare providers prove they have been able to increase efficiency while safeguarding privacy and improving care for millions of patients nationwide, according to CMS.

Since the EHR Incentive Programs began in 2011:

  • More than 190 million electronic prescriptions have been sent by doctors, physician’s assistants and other healthcare providers using EHRs, reducing the chances of medication errors
  • Healthcare professionals sent 4.6 million patients an electronic copy of their health information from their EHRs
  • More than 13 million reminders about appointments, required tests, or check-ups were sent to patients using EHRs
  • Providers have checked drug and medication interactions to ensure patient safety more than 40 million times through the use of EHRs
  • Providers shared more than 4.3 million care summaries with other providers when patients moved between care settings resulting in better outcomes for their patients





Comments (0)