HIPAA Handbooks

  • Privacy and security training for new and seasoned staff
  • 11 staff/setting focus areas
  • Education on protecting PHI
  • New HITECH Act changes
  • Discounts on bulk purchases



  • Role-based training using real-life case scenarios
  • Test-your-knowledge exercises with remediation
  • Post-course test to document staff participation


Other HIPAA Resources

  • Hot-topic audio conferences
  • Books on privacy and security
  • Newsletters
  • e-Newsletter
  • Videos


Meet the Authors



Dom Nicastro

Dom Nicastro is a freelance journalist with nearly five years of experience writing in the HIPAA privacy and security market. He manages HIPAA Update, HCPro Inc.’s award-winning healthcare blog focusing on HIPAA, privacy, security, and HITECH developments. Dom is the former editor of the Gloucester Daily Times, where he led the paper to the New England News Association Newspaper of the Year in 2005 and a runner-up for the same award by the New England Press Association in 2007. He also won three New England awards for his sportswriting.


Kate Borten, CISSP, CISM

Kate Borten, CISSP, CISM, is president of The Marblehead Group, providing privacy and security assessments, regulatory compliance audits, and program development guidance to clients across the healthcare industry. Borten provides a unique combination of expertise in information security, privacy, and IT from over twenty years inside healthcare. She is a nationally recognized expert on HIPAA and health information privacy and security, and a frequent speaker on these topics. Borten is the former head of the enterprise-wide security program at the Massachusetts General Hospital, and is also the author of HIPAA Security Made Simple (HCPro, Inc. 2003) and other publications for HCPro, and four-year chair of HealthSec, the premier annual conference on information security in healthcare.


John Parmigiani, MS, BES

John Parmigiani, MS, BES, is the president of John C. Parmigiani & Associates, LLC. Mr. Parmigiani has more than 35 years of experience in information systems management in both the public and private sectors. The former Director of Enterprise Standards for the Health Care Financing Administration (HCFA), now the Centers for Medicare & Medicaid Services (CMS), he was the chairman of the government-wide HIPAA Administrative Simplification Security and Electronic Signature Standards Implementation Team that created the Security Rule and was a member of the federal committee that oversaw the development and implementation of the HIPAA Transactions and Code Sets and the Privacy Rule.


Chris Apgar, CISSP

Chris Apgar, CISSP, is president of Apgar & Associates, LLC in Portland, OR, an independent consulting firm specializing in security, privacy, and regulatory compliance; electronic health information exchange; global and detailed business process review; information systems project development; and lobbyist activity. Apgar is a nationally recognized information security, privacy, and HIPAA expert, is a member of the Workgroup for Electronic Interchange (WEDI) Board of Directors, and is a member of the team working with the US Department of Health & Human Services and the State of Oregon to develop national privacy & security standards to assist in confidential and efficient electronic health record exchange.


Rebecca Herold, “The Privacy Professor”®, is a world-renowned information security and privacy authority. Herold provides guidance to organizations of all sizes – across the globe and across industries. She has received numerous accolades, including “2007 and 2008 Best Privacy Advisor” by Computerworld and 2007’s “Top 59 Influencers in IT Security” by IT Security magazine. The information security and privacy program Herold created for a multi-national healthcare insurer and financial company received the CSI “Security Program of the Year” award in 1997. Herold, working on her 14th book, co-authored the acclaimed book “The Practical Guide to HIPAA Privacy and Security Compliance.” Herold publishes “Protecting Information” (a multimedia information security and privacy journal), and offers multiple training resources. She is an Adjunct Professor for Norwich University’s Master of Science in Information Assurance program. You may contact Herold directly at rebeccaherold@rebeccaherold.com or www.theprivacyprofessor.com.

Frank Ruelas, MBA

Frank Ruelas, MBA, is the privacy officer, director of compliance and risk management at Maryvale Hospital in Phoenix, AZ, and the principal of HIPAA College. Given this unique combination of roles and responsibilities, Ruelas has developed a relationship with representatives of covered entities of all sizes throughout the country and has assisted in the resolution of problems and management of challenges that have adversely affected their efforts to comply with the HIPAA Privacy and Security and HITECH Act requirements. Frank has been interviewed by numerous publications for his insight, suggestions, and opinion on HIPAA-related topics and has presented at forums at the local, state, and national levels. Of the opinion that people often learn more effectively through visualization, he has offered numerous flowcharts that graphically represent process throughputs; these have also appeared in a number of newsletters and have been used by covered entities to design their own workflows and their underlying policies and procedures.