HIPAA Handbooks

  • Privacy and security training for new and seasoned staff
  • 11 staff/setting focus areas
  • Education on protecting PHI
  • New HITECH Act changes
  • Discounts on bulk purchases



  • Role-based training using real-life case scenarios
  • Test-your-knowledge exercises with remediation
  • Post-course test to document staff participation


Other HIPAA Resources

  • Hot-topic audio conferences
  • Books on privacy and security
  • Newsletters
  • e-Newsletter
  • Videos


Archive for July, 2015

cadeucus-medicalAnyone who has a Blue Cross Blue Shield (BCBS) health insurance plan, with a few exceptions, should have free identity protection services as of January 1, 2016.

The national Blue Cross Blue Shield Association (BCBSA) announced July 14 that it would offer these free services as a permanent benefit to more than 106 million customers at all Blue companies nationwide.

This is the latest step in the health insurance giant’s efforts to protect customer safety and security in a world where cyber-attacks are a constant threat to every business and government entity. BCBS companies have, consequently, taken aggressive steps to protect their customers and lead the healthcare industry in cybersecurity, according to a press statement.

Read More→

hosp01St. Elizabeth’s Medical Center in Boston has agreed to a corrective action plan and civil fine of $218,400 with OCR to address deficiencies in its HIPAA compliance program following employee practices at the hospital that exposed ePHI on more than 1,000 patients.

OCR initially received a complaint in November 2012 that hospital employees were allegedly storing patient records containing PHI in an unsecure online document sharing application without analyzing the risks of doing so, according to a July 8 resolution agreement between OCR and St. Elizabeth’s. Those documents contained the ePHI of at least 498 patients.

Read More→

Submit your HIPAA questions to Editoquestionr John Castelluccio at jcastelluccio@hcpro.com and we will work with our experts to provide the information you need.

Q: The hospital where I work uses a large radiology group for radiology interpretations, for which the group bills the hospital. Both are covered entities (CE).

The hospital provides the group with an electronic data feed of all demographic information needed for billing on patients admitted to the hospital. The feed transmits information about all patients, because it is impossible to know at admission which patients will need radiology services. The group uses the demographic data to prepare interpretative radiology reports and then bills us for the professional services. Should either party be concerned about unauthorized disclosure or is it okay to provide the additional patient information because the stream is needed for group’s payment activity? Read More→

The New York Giants reportedly didn’t even know their defensive-end Jason Pierre-Paul had one of his fingers amputated before his medical charts appeared in news reports July 8, but that’s a story for another audience.

ESPN reporter Adam Schefter isn’t in trouble for posting a picture on Twitter of what looks like Pierre-Paul’s medical chart—journalists aren’t covered by HIPAA—but staff members at Jackson Memorial Hospital in Miami and the hospital itself could be facing some stiff sanctions for releasing the records to a reporter.

Read More→

Comments (0)