
Archive for Unsecure PHI


The PHI of 9,700 patients at Service Coordination, Inc., in Frederick, Md., was compromised when the nonprofit organization’s computers were hacked, CBS Baltimore reported.

A hacker gained access to approximately 70% of the organization’s medical records, including Social Security numbers. However, there was no evidence that the PHI was misused. Investigators identified the alleged hacker and seized his or her equipment, CBS Baltimore reported.

Service Coordination is a state-licensed provider of services for developmentally disabled individuals. The breach first came to light in October 2013, but the U.S. Department of Justice requested that Service Coordination keep the incident under wraps during the federal investigation. Affected individuals were notified of the breach in March, CBS Baltimore reported.


The PHI of 168,500 Los Angeles County medical facility patients was stolen during a break-in at Sutherland Healthcare Solutions in Torrance, Calif., the Los Angeles Times has reported.

Sutherland handles billing and collections for the county’s Department of Health Services and Department of Public Health. Computers containing patients’ PHI were stolen from the Sutherland office February 5. PHI stored on the computers includes patient names, Social Security numbers, medical and billing information, and potentially birthdates, addresses, and diagnoses, the newspaper reported.

The county is reviewing its contract with Sutherland to determine whether it enforces breach prevention procedures.


Unity Health Plans Insurance Corporation in Wisconsin recently notified 41,437 members that their PHI may have been compromised when a computer hard drive was stolen from the University of Wisconsin-Madison School of Pharmacy, according to the health insurer’s website.

The School of Pharmacy obtained member information to complete a benefits program evaluation.

Information on the hard drive included member numbers, dates of birth, cities of residence, names of medications, and dates of service. Unity Health Plans and the University of Wisconsin-Madison School of Pharmacy are reviewing the breach and are implementing a new education program for employees, according to the announcement.

Unity Health Plans notified affected members by mail. It also notified HHS, according to the announcement.


The Puerto Rico Health Insurance Administration (ASES, its Spanish acronym) recently fined Triple-S Salud, Inc., (TSS) $6.8 million for violating HIPAA, according to documents filed with the U.S. Securities and Exchange Commission. The fine exceeds the highest civil monetary penalty imposed by OCR by nearly $2.5 million.

TSS mailed pamphlets that displayed recipients’ Medicare health insurance claim numbers, unique numbers assigned by the Social Security Administration that are considered PHI, to 70,000 Medicare Advantage beneficiaries September 30, 2013. The fine imposed on TSS, a health insurance subsidiary of Triple-S Management Corporation, is for a breach of PHI of 13,226 dual-eligible Medicare beneficiaries, according to the filing.

TSS conducted an internal investigation of the breach and reported the incident to agencies of the federal government and Puerto Rico. However, ASES alleged that TSS did not take the required steps when responding to the breach, according to the filing.

ASES also imposed sanctions on TSS that include the suspension of new enrollments of dual-eligible Medicare beneficiaries. TSS must notify affected individuals of their right to unenroll. The health insurer is offering 12 months of free credit monitoring and identity protection services to affected individuals.

A class-action lawsuit was recently filed against Kaiser Permanente after the HMO notified patients in December 2013 that a computer flash drive containing the PHI of 49,000 patients was reported missing, according to court documents. The flash drive contained patient names, medical record and hospital account numbers, admission and discharge dates, diagnoses codes, and billing charges.

The lead plaintiff, Ginger Buck, alleges that Kaiser violated California’s Confidentiality of Medical Information Act by disclosing PHI without written authorization, according to the complaint.

The unencrypted flash drive was reported missing from the nuclear medicine department at Kaiser’s Anaheim Medical Center September 25, 2013, the Los Angeles Times reported. The breach became public in December 2013 when the HMO advised patients to monitor their medical records for fraudulent information, according to the newspaper.
