
Archive for June, 2014


In light of OCR’s recent $4.8 million settlement with New York and Presbyterian Hospital (NYP) and Columbia University (CU) for HIPAA violations, one auditing solutions company released a list of five ways to prevent a breach.

Software provider Netwrix Corporation suggests that healthcare organizations and insurance providers take the following steps to maintain HIPAA compliance:

  • Create strict policies and procedures to protect your IT infrastructure and minimize risk
  • Perform audits to ensure policies have the desired effect
  • Prove you are compliant by generating audit reports
  • Implement an automated change auditing solution to detect breaches sooner
  • Be prepared for requirements to become more strict as breaches occur more frequently




Just months after HHS announced it entered into a $1.7 million resolution agreement with Concentra Health Services, a national healthcare company, for HIPAA violations, the healthcare company is under scrutiny again, according to 23 ABC Kero Bakersfield.  

In April, HHS and Concentra agreed upon a monetary settlement and corrective action plan following the theft of an unencrypted laptop computer from the healthcare company’s physical therapy center in Springfield, Missouri, according to the resolution agreement. HHS made an example of Concentra in more ways than one. Aside from the hefty fine it imposed, HHS released a statement about the importance of encryption and cited Concentra as an example of what can go wrong if covered entities (CEs) fail to execute appropriate risk management measures to address a lack of encryption.

After news of Concentra’s oversights went public, one would assume the CE would want to tie up loose ends. However, the healthcare company may find itself under the watchful eye of HHS once again after records created by Concentra Urgent Care in Bakersfield, California, were found in a public recycling bin, 23 ABC Kero Bakersfield reported.

The urgent care facility closed its doors in February 2013 and legally transferred all of its records to Accelerated Urgent Care in Bakersfield. Although Accelerated Urgent Care was responsible for the records at the time of the breach, it blames a contractor for dumping the records in the public recycling bin without permission, the news station reported.



Submit your HIPAA questions to Editor Jaclyn Fitzgerald at jfitzgerald@hcpro.com and we will work with our experts to provide the information you need.

Q: My organization is revising its HIPAA policies with the goal of consolidating current policies and making them more user-friendly overall without compromising or eliminating essential information. Is there a checklist or list of recommended policies required for an organization to be HIPAA compliant?

A: There is no specific list. However, you should ensure that your policies address all of the privacy, security, and breach notification requirements in the HIPAA rules. Various resources provide policy templates that organizations can use as a reference when simplifying policies. Ensure that templates are from a reliable vendor. Some associations have template resources that organizations can access and customize.

There is no set number of policies that organizations must implement. You can combine requirements in one policy. For example, all use and disclosure requirements (e.g., for treatment, payment, healthcare operations, required by law) can be combined in one policy.

When purchasing templates, customize them to meet the needs of your organization. Consider other applicable laws, such as state privacy laws and federal alcohol and chemical dependency laws. Policies must be current, accurate, and enforceable. Some templates may not apply to your organization, so it is wise not to use them.

Editor’s note: Chris Apgar, CISSP, president of Apgar & Associates, LLC, in Portland, Oregon, answered this question for HCPro’s Briefings on HIPAA. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions.

Join us for a 90-minute webcast about HIPAA auditing at 1 p.m. (Eastern) Tuesday, July 29.

With HIPAA audits slated to resume and OCR monetary settlements steadily increasing, the threat of ending up on OCR’s “wall of shame” is greater than ever. OCR recently hit two covered entities with the largest HIPAA settlement to date: a combined $4.8 million penalty for alleged violations during a joint arrangement.

The first step to ensuring HIPAA compliance is developing an effective risk analysis and management process that identifies gaps, thereby keeping your organization off the government’s radar. Learn strategies for conducting an internal audit of your organization—before the government audits you.

During this program, HIPAA compliance experts Margret Amatayakul, MBA, RHIA, CHPS, CPHIT, CPEHR, CPHIE, FHIMSS, and Kathy Perkins-Smerdel, BS, CHC, will explain how to develop a thorough risk analysis process and implement an internal auditing program, offer tips on how to prepare for an audit, and identify flaws in privacy and information security programs.

At the conclusion of this program, participants will be able to do the following:

  • Develop an effective, well-documented risk analysis process
  • Prepare for OCR/CMS audits
  • Identify privacy and information security program deficiencies

For more information or to place an order, call 800/650-6787 and mention Source Code EZINEAD or visit the HCPro Healthcare Marketplace.

The Senate confirmed Sylvia Mathews Burwell as the new secretary of HHS June 5, according to The New York Times.

Burwell previously served as the director of the White House Office of Management and Budget. She won the vote for secretary of HHS 78-17, the newspaper reported. Burwell will oversee Medicare and Medicaid programs, the National Institutes of Health, and the Food and Drug Administration.

Kathleen Sebelius announced her resignation as secretary of HHS in April. President Barack Obama nominated Burwell for the position shortly thereafter, The New York Times reported.
