HIPAA Handbooks

  • Privacy and security training for new and seasoned staff
  • 11 staff/setting focus areas
  • Education on protecting PHI
  • New HITECH Act changes
  • Discounts on bulk purchases



  • Role-based training using real-life case scenarios
  • Test-your-knowledge exercises with remediation
  • Post-course test to document staff participation


Other HIPAA Resources

  • Hot-topic audio conferences
  • Books on privacy and security
  • Newsletters
  • e-Newsletter
  • Videos


Archive for November, 2013

Minnesota-based Allina Health System recently fired a medical assistant at its Inver Grove Heights Clinic for inappropriately accessing medical records of 3,807 patients from February 2010 to September 2013, Pioneer Press reported.

Allina Health System includes 11 hospitals and more than 50 clinics. The privacy breach was not limited to patients seen at the Inver Grove Heights Clinic, according to Pioneer Press. The unidentified medical assistant accessed patients’ demographic, clinical, and insurance information, along with the last four digits of their Social Security numbers. There was no evidence that the medical assistant used the information for financial gain, according to the article.

Allina Health System offered complimentary identity monitoring services to affected patients, who received letters notifying them of the breach. In response to this incident, the health system is reevaluating its patient information policies and is examining computer security, Pioneer Press reported.

This is not the first time Allina Health System fired employees for snooping through medical records. In 2011, the health system terminated 32 employees for inappropriate medical record access following a mass overdose in Blaine, Minn., according to Pioneer Press.

Comments (0)

During a November 19 congressional hearing, three of four security experts who testified said HealthCare.gov should be shut down until security issues are resolved, Reuters reported.

Representative Chris Collins, R-New York, asked four security experts a series of yes–or–no questions about the Obamacare website during the House of Representatives Science, Space and Technology Committee hearing, according to Reuters. When asked if they thought the site was secure, the experts unanimously answered “no.” When asked if the site should be shut down pending the resolution of security issues, three experts said “yes” and one said he did not have enough information to respond, according to the article.

The website collects PHI including names, dates of birth, Social Security numbers, email addresses, and more.

What are your thoughts about the ongoing HealthCare.gov security issues?

Comments (0)

The American Medical Association (AMA) has posted free HIPAA resources on its website. The AMA website offers information to aid healthcare professionals in understanding the HIPAA omnibus rule. The site explains HIPAA requirements in detail and offers tools to aid physicians and other healthcare professionals comply with the rules, including:

A Q&A in the November Briefings on HIPAA resulted in several follow-up questions from readers, many of whom thought of various scenarios when leaving information on patient voicemail may or may not be appropriate. Check out the Q&A below and let us know what information you think is appropriate to leave on a patient’s voicemail.

Q . I am concerned about leaving certain information on a patient’s voicemail, because I believe any individual listening to the message could search the physician’s name and identify the service. The following example seems vague enough to me, but I’m not positive it is appropriate: “This is Dr. John’s office calling for Adam. We want to remind you of your appointment at 10 a.m. Thursday, November 28. Please call us at 123-456-7899 to confirm. Thank you.” What information is appropriate to leave on a patient’s voicemail?

A. The message you mentioned is appropriate. It provides enough information to remind the patient about the appointment without giving any details relating to the reason for the visit. For physician offices calling about lab results, one of the following messages would be acceptable:

  • “This is Dr. John’s office calling. All of your recent lab tests came back normal.”
  • “This is Dr. John’s office. Please call us at 123-456-7899 for your lab results.”

Note: Mary D. Brandt, MBA, RHIA, CHE, CHPS, vice president of health information, Baylor Scott & White Health in Temple, Texas, answered this question for HCPro’s Briefings on HIPAA newsletter.

Categories : HIPAA privacy, HIPAA Q&A
Comments (0)

MedicareFind demo on-demand

Posted by: | Comments (0)
Email This Post Print This Post

Last week, I posted an incorrect registration link for HCPro’s free MedicareFind™ demo. I apologize for an inconvenience or confusion this may have caused.

The free on-demand version of this demonstration is now available for those of you who were interested in the demo but were unable to attend for any reason. Please feel free to share this information with your colleagues.

If you would like to try the website out for yourself, head on over to MedicareFind.com and see what all the buzz is about.

Categories : Uncategorized
Comments (0)