Subscription Required

Only paid subscribers* to Report on Patient Privacy can access this Web portal with three years of back issues, searchable article archives and other valuable resources.

Subscribers to Report on Patient Privacy receive

  1. Report on Patient Privacy, AIS’s industry-leading monthly newsletter, a copy of which will be mailed to you and posted — along with searchable archives of past articles and a convenient library with PDFs of back issues — on the subscriber-only website.
  2. Access to the industry’s most exhaustive HIPAA privacy and security website, which features:
    • 31 detailed narrative sections of guidance written by experts on every HIPAA compliance topic from A to Z. These exhaustive treatments are packed with sample forms, policies, procedures, decision trees and other practical tools you can adapt to your privacy and security compliance programs ... and it’s updated regularly.
    • Links to critical government documents required for compliance with privacy and security regulations and other related federal requirements.
    • Special E-Alerts when timely news breaks
    • Searchable archives of the monthly newsletter Report on Patient Privacy.
    • Recent stories of interest and hot topic articles grouped for convenient reading, and
    • Regular postings from your editor.
View a sample and get more information
December 2014

Recent Stories of Interest

From Report on Patient Privacy - Just before noon on the last day of May 2012, Dr. Christine Hamilton took an investigator from the HHS Office for Civil Rights (OCR) on a most unusual two-hour tour of a storage facility in Sturgis, Indiana. Stacked on seven sets of shelves were thousands and thousands of her patients’ files, which, by that point, Hamilton had had in her personal possession for more than three years, ever since a hospital system abandoned its plan to purchase her charts and dumped them on her driveway. Read more

When the Indiana Court of Appeals released its decision upholding the $1.44… Read more

Now that it seems likely the HHS Office for Civil Rights (OCR)… Read more

Anne Adams, whose titles include chief compliance officer and chief privacy officer… Read more

From the Editor

Welcome to your Report on Patient Privacy subscriber-only Web page

Be sure to visit often, for PDFs of issues, article archives, narrative sections by privacy and security experts, and more!

Please e-mail me with your comments on the last issue of Report on Patient Privacy, story ideas for future issues, or any other suggestions you have that can make the newsletter more useful for you.


RPP subscribers can now access an extensive report with all the details of the new HIPAA/HITECH regulations, prepared by RPP Editor Francie Fernald. This report summarizes the amendments to the regulatory language and highlights the clarifications that HHS discusses in the preamble to the rule. It has two parts:

  1. Revisions to the breach notification rules, and
  2. Revisions to the HIPAA privacy and security rules and the HHS OIG enforcement rules mandated by the HITECH Act.

Click here to read the report (PDF file).

December 15, 2014
OCR Closes the Year With Another Settlement

The Office for Civil Rights has announced a $150,000 settlement with Anchorage Community Mental Health Services (ACMHS) for violations of the HIPAA Security Rule. ACMHS, which is a five-facility, nonprofit organization providing behavioral health care services to children, adults, and families in Anchorage, Alaska, reported the breach in 2012. The breach occurred because of malware compromising the security of its electronic health information and threatened 2,743 individuals. During its investigation, OCR found that the organization had adopted sample policies and procedures in 2005 but had not followed or updated them. It also had not conducted a thorough risk analysis and had not updated its IT resources with available patches and continued to run outdated, unsupported software. ACMHS also must comply with a two-year corrective action plan.

This is the second Anchorage organization to settle with OCR over inadequate policies and procedures, insufficient risk management, and inadequate worker training. In 2012, the Alaska Department of Health and Human Services agreed to pay $1.7 million and enter into three-year corrective action plan.

November 17, 2014
Two Court Decisions Impact Use of HIPAA in Lawsuits

The Connecticut Supreme Court overturned a lower court and will allow HIPAA to be used as the standard of care in a negligence lawsuit. Emily Byrne v. Avery Center for Obstetrics and Gynecology, P.C., SC 18904 (Nov. 11, 2014).

And the Indiana Court of Appeals issued its decision upholding the $1.44 million verdict against Walgreens because of a pharmacist’s unauthorized access to and disclosure of a customer’s prescription records. Walgreen Co. vs. Hinchy, No. 49A02-1311-CT-950 (Nov. 14, 2014).

November 11, 2014
OCR Issues Ebola, Health Emergency Guidance

The Office for Civil Rights has posted guidance on what PHI a covered entity and its business associate may share without an authorization and with whom when presented with a health care emergency, such as the Ebola crisis.

It's quick and easy to sign up for FREE access to AISHealth.com!

Why do I need to register?