HIPAA Handbooks

  • Privacy and security training for new and seasoned staff
  • 11 staff/setting focus areas
  • Education on protecting PHI
  • New HITECH Act changes
  • Discounts on bulk purchases



  • Role-based training using real-life case scenarios
  • Test-your-knowledge exercises with remediation
  • Post-course test to document staff participation


Other HIPAA Resources

  • Hot-topic audio conferences
  • Books on privacy and security
  • Newsletters
  • e-Newsletter
  • Videos


Author Archive


Divide (the workload) and conquer

Posted by: | Comments (0)
Email This Post Print This Post

The release of the HIPAA Omnibus Rule has left most HIPAA privacy and security officers with a long and likely overwhelming to-do list.

“Buried is the operative word,” says one HIPAA privacy/security officer. “We’re on track with implementation, but it’s almost a 24/7 venture these days.”

The 563-page final rule released by HHS in January created an abundance of work for privacy and security officers. The activities on their punch lists range from revising the notice of privacy practices and updating HIPAA policies and procedures, to reviewing business associate contracts and modifying breach notification and response processes.

Healthcare organizations have until September 23 to comply with most of the provisions in the final rule.

While HIPAA privacy and security officers may be taking the lead on these initiatives, they do not have to go it alone, says Phyllis A. Patrick, MBA, FACHE, CHC, president of Phyllis A. Patrick & Associates, LLC, in Purchase, N.Y.

“A lot of people are saying they are feeling overwhelmed,” she says. However, resourceful HIPAA officers are dividing the workload, Patrick says.

Purchase the full article in the August edition of Briefings on HIPAA. Learn more about the newsletter.

Comments (0)

States probing PHI-sale policies

Posted by: | Comments (0)
Email This Post Print This Post

Sale of PHI and privacy. The two don’t always go hand-in-hand.

That’s why some states are looking into policies to ensure the privacy of patients whose records may be in public databases, according to Bloomberg.

State public health agencies collect PHI from hospitals and sell it to researchers and commercial data-mining firms. Ideally, the records should be de-identified according to HIPAA standards, but often they are not.

EHRs and state health information exchanges are making it easier for this type of information to be shared.

Comments (0)

Privacy rights under HIPAA can catch up with you. In this case, it caught up with Walgreens to the tune of $1.44 million.

An Indiana jury awarded a woman that sum after it determined Walgreens and its pharmacist violated her privacy by sharing her prescription history, according to www.indystar.com

According to the lawsuit, filed in Marion Superior Court, pharmacist Audra Peterson inappropriately accessed Abigail Hinchy’s prescription information and shared the confidential information.

“As a provider of pharmaceutical service, defendant Walgreens Co. owes a non-delegable duty to its customers to protect their privacy and confidentiality of its customers’ pharmaceutical information and prescription histories,” Hinchy said in the lawsuit.

Hinchy is the ex-girlfriend of Peterson’s husband. The pharmacist shared the private information with her husband.

“We take seriously our responsibility to safeguard the privacy of medical records in our possession,” the company told www.indystar.com. “The pharmacist in this case admitted she was aware of our strict privacy policy and knew she was violating it. She was appropriately disciplined for her action.”

Walgreens says it plans to appeal the ruling, calling it a “misapplication of the law to hold an employer liable for the actions of one employee who knowingly violates company policy.”

Comments (2)

A 2009 tragedy that occurred in a high school weight room is raising questions about patient privacy rights under HIPAA.

The wife of a high school football coach who died at the hands of a former player testified before Congress in April and urged legislators to update HIPAA in a way that could prevent further tragedies.

Football coach Ed Thomas was murdered in June 2009 by a former player who walked into a summer training session at Aplington-Parkersburg High School in Parkersburg, Iowa, and emptied his gun at close range. The coach died on the way to the hospital and the former player, 24-year-old Mark Becker, was sentenced to life in prison in 2010.

Purchase the full Briefings on HIPAA July article or learn more about the newsletter.

Categories : HIPAA privacy
Comments (0)

A West Virginia woman is suing a healthcare organization for releasing some of her PHI to her husband while she was pregnant, according to The West Virginia Record

Savannah Murphy’s June 28 suit claims Marshall Obstetrics & Gynecology shared PHI with her husband as she was going through a divorce. The healthcare facility’s actions compromised her privacy and caused her damages.

Comments (0)