Archive for HIPAA Talk

Stanley Nachimson talked about the cost of HIPAA violations today.

The principal of Nachimson Advisors, LLC, and director of the WEDI-NCHICA Timeline Project used a health plan as an example. He said for a small health plan of 100,000 members, the cost of not complying with HIPAA will be $1 per member per day.

So, $100,000 per day for multiple days.

Nachimson is the author of “Impact of ICD-10 on Providers,” and is a former senior advisor to CMS.

Comments (0)

Lately there have been disclosure announcements as to the results of celebrity autopsy reports. At what point does this become a HIPAA violation if it is not a criminal investigation?

For example, the Billy Mays press release. The family indicated that they were not in agreement with the release of information. What is the medical examiner’s liability in the disclosure of a patient’s autopsy records?

Deborah DeLeo, CHC, CPC
Executive Director of Operations
TreeFrog Data Solutions

Categories : HIPAA Talk
Comments (1)

Workforce-as-patients access to EHR


Does any CE have a policy permitting workforce-as-patients – medical staff and employees – to circumvent the existing policy and HIM process for patients to obtain their PHI, and directly access their personal PHI in the EHR?

If so, do you have the same or separate policy/process for medical staff-as-patients and employees-as-patients? If so, how do you provide access for employee-patients who do not already have role-based access to the EHR in general? If so, does this policy and process require additional FTE support, and where?

Does the policy require expanded auditing of EHR access? If you have a policy and process, would you share? Have you noted any increased facility-wide risk for breach in general as a result of this policy?


Carol Richardson, MA, RHIA

Categories : HIPAA Talk
Comments (1)

Chart access by nurse advocate


Do you allow nurses to access their families’ EMR if they are not the caregiver, but the family wants them to advocate for them? Or do you require an ROI and send them to Medical Records?

Rochelle Steimel, OTR, MPH
Rights Advisor/Privacy Officer
Munson Healthcare (Traverse City, MI)

Categories : HIPAA Talk
Comments (4)

Have any covered entities considered changing their current notice of privacy practices to cover the new rights patients will have under HITECH?

Melanie A. Gomez, HRM, CHC
Director of Corporate Compliance and Risk Management-HIPAA Privacy Officer
CareMore Medical Enterprises

Categories : HIPAA Talk
Comments (5)