Archive for HIPAA Weekly Advisor

A Boston resident is at a New York Yankees game in the Bronx cheering on his beloved Boston Red Sox. Despite his best efforts to catch a foul ball coming into the stands, he misses, and the ball bounces off his head. He's woozy, and ballpark officials suggest he get to a hospital for precautionary reasons.

At the hospital, instead of filling out multiple forms, the attending physician logs on to a computer in the patient's room and pulls up his medical record and complete history in seconds. That's because the fan's hospital in Massachusetts and the New York facility participate in an interoperable health information exchange (HIE).

HIE advocates use a scenario like this to promote hospitals joining an exchange program, which is defined as the mobilization of healthcare information electronically across organizations within a region, community, or hospital system. But HIE programs do not come concern-free. HIM professionals whose hospitals have signed on to participate in such a program, and those whose hospitals are considering it, must do some due diligence.

Click here to read more in the June issue of Medical Records Briefings.

A laptop containing patient information was reported missing from a local physician office in mid-March, Our Lady of the Lake Regional Medical Center in Baton Rouge, La., reported on May 18 on the Medical Center’s website.

The laptop contained health information (e.g., patient names, ages, dates of admission and discharge, and treatment results) for more than 17,000 patients who visited the adult intensive care unit (ICU) between 2000 and 2008. The laptop has not yet been recovered and the investigation continues, according to the press release.

“We regularly review our physical and electronic safeguards to ensure that personally identifiable information remains private and secure. In light of this incident, we are taking additional, aggressive steps to examine new ways to further secure our data and prevent similar occurrences in the future. The plan includes additional education, greater physical and encryption controls and an organization-wide personal device inventory,” Our Lady of the Lake states in the press release.

Click here to read more on the Medical Center website.



Michael D. Ebert, national HIPAA services leader at KPMG, the company hired by OCR to conduct the HIPAA audits required under the HITECH Act, spoke at the March HIPAA Summit. He highlighted some steps organizations can take to improve HIPAA compliance:

  • Conduct a robust compliance assessment and reassess annually or biannually.
  • Determine the lines of business affected by HIPAA.
  • Consider internal employee information as you conduct your evaluation.
  • Map the flow of PHI within your organization, as well as how it is transmitted to and from third parties.
  • Perform data discovery to find all of your PHI.
  • Establish effective PHI safeguards, such as encryption, access management, and only allowing its use when required.

Purchase the full article that appeared in the May edition of Briefings on HIPAA.



A HIPAA conviction stands for UCLA Healthcare System researcher Huping Zhou, according to a May 16 FierceEMR article.

Zhou pleaded guilty in 2010 to violating HIPAA; he accessed more than 300 patient records over a period of a few weeks in 2003, including records for several prominent celebrities (e.g., Tom Hanks and Arnold Schwarzenegger) along with those belonging to his boss. He later appealed on the grounds that he didn’t know it was illegal to access the information, but his appeal was dismissed by a federal appeals court on May 10.

Click here to read more about the court decision.

A laptop stolen from a nurse practitioner in Georgia may compromise the personal information of more than 500 patients, according to a March 15 announcement by Georgia Health Sciences University on its website.

The nurse practitioner works at several sickle cell clinics in Georgia, including the Georgia Health Sciences Adult Sickle Cell Clinic. Someone stole the laptop from her home January 18.

Though the records contained on the laptop include names, dates of birth, diagnosis information, and an internal code associated with patients’ lab tests, none of the records included Social Security numbers, financial information, or addresses.

A spokesperson from Georgia Health Sciences University expressed regret at the theft and noted that the organization attempted to personally notify patients of the incident.

Source: Georgia Health Sciences University
