Subscription Required

Only paid subscribers* to Report on Patient Privacy can access this Web portal with three years of back issues, searchable article archives and other valuable resources.

Subscribers to Report on Patient Privacy receive

  1. Report on Patient Privacy, AIS’s industry-leading monthly newsletter, a copy of which will be mailed to you and posted — along with searchable archives of past articles and a convenient library with PDFs of back issues — on the subscriber-only website.
  2. Access to the industry’s most exhaustive HIPAA privacy and security website, which features:
    • 31 detailed narrative sections of guidance written by experts on every HIPAA compliance topic from A to Z. These exhaustive treatments are packed with sample forms, policies, procedures, decision trees and other practical tools you can adapt to your privacy and security compliance programs ... and it’s updated regularly.
    • Links to critical government documents required for compliance with privacy and security regulations and other related federal requirements.
    • Special E-Alerts when timely news breaks
    • Searchable archives of the monthly newsletter Report on Patient Privacy.
    • Recent stories of interest and hot topic articles grouped for convenient reading, and
    • Regular postings from your editor.
View a sample and get more information
February 2015

Recent Stories of Interest

From Report on Patient Privacy - Don’t trust; verify. This twist on “trust, but verify” sums up Seattle Children’s Hospital’s philosophy toward putting protected health information (PHI) into the cloud. Later this year Seattle Children’s may launch a patient portal that is based in the cloud. But implementation won’t come as the result of a quick — or simple — decision, Cris Ewell, the hospital’s chief information security officer (CISO), tells RPP. “My job is not to trust anybody,” Ewell says. “My job is not to accept risk. I measure risk. Read more

The compliance official was clearly distraught. A surgeon, already warned, was in… Read more

The HHS Office for Civil Rights (OCR) concluded 2014 the same way… Read more

Move data off mobile devices and out of harm’s way. Train employees… Read more

From the Editor

Welcome to your Report on Patient Privacy subscriber-only Web page

Be sure to visit often, for PDFs of issues, article archives, narrative sections by privacy and security experts, and more!

Please e-mail me with your comments on the last issue of Report on Patient Privacy, story ideas for future issues, or any other suggestions you have that can make the newsletter more useful for you.


RPP subscribers can now access an extensive report with all the details of the new HIPAA/HITECH regulations, prepared by RPP Editor Francie Fernald. This report summarizes the amendments to the regulatory language and highlights the clarifications that HHS discusses in the preamble to the rule. It has two parts:

  1. Revisions to the breach notification rules, and
  2. Revisions to the HIPAA privacy and security rules and the HHS OIG enforcement rules mandated by the HITECH Act.

Click here to read the report (PDF file).

March 2, 2015
Data Theft Numbers Just Continue to Go Up

Medical identify theft is up more than 20% over 2013, and the number of records affected due to hacking incidents is up more than 50%. These are the findings of two recently released studies by the Ponemon Institute and Redspin.

February 20, 2015
March 1 Is Breach Reporting Deadline

Covered entities, if they have not already done so, must file their annual report of breaches that affected under 500 individuals with OCR by March 1. CEs must file a separate breach report for each incident using the OCR breach notification portal.

February 6, 2015
New Portal for Reporting Breaches to OCR

HHS’ Office for Civil Rights has made available a new portal for filing the breach notices required by the HITECH Act. The portal, which works as a “wizard” directing the filing entity through six sections, requires more detailed information than the old portal. Fields such as the beginning and end dates of the breach, which were optional, now are mandatory. The section on “Actions Taken in Response to Breach” has 15 specific actions to select from, but the section "Safeguards in Place Prior to Breach" is more general than before, listing five options regarding compliance with the privacy and security rules, rather than the laundry list of technical safeguards. The portal may be used to report breaches over 500 and breaches under 500.

It's quick and easy to sign up for FREE access to AISHealth.com!

Why do I need to register?