Subscription Required

Only paid subscribers to Report on Patient Privacy can access this Web portal with three years of back issues, searchable article archives and other valuable resources.

Subscribers to Report on Patient Privacy receive:

  1. Report on Patient Privacy, AIS’s industry-leading monthly newsletter, a copy of which will be mailed to you and posted — along with searchable archives of past articles and a convenient library with PDFs of back issues — on the subscriber-only website.
  2. Access to the industry’s most exhaustive HIPAA privacy and security website, which features:
    • 31 detailed narrative sections of guidance written by experts on every HIPAA compliance topic from A to Z. These exhaustive treatments are packed with sample forms, policies, procedures, decision trees and other practical tools you can adapt to your privacy and security compliance programs ... and it’s updated regularly.
    • Links to critical government documents required for compliance with privacy and security regulations and other related federal requirements.
    • Special E-Alerts when timely news breaks
    • Searchable archives of the monthly newsletter Report on Patient Privacy.
    • Recent stories of interest and hot topic articles grouped for convenient reading, and
    • Regular postings from your editor.
August 2016

Recent Stories

From Report on Patient Privacy - Last month, in rapid succession, the HHS Office for Civil Rights (OCR) announced two settlement agreements resolving allegations of HIPAA violations, both with academic medical centers and both averaging $2.7 million. They bring OCR’s half-year total to nearly $15 million, a record. “OCR is getting significantly more aggressive with their settlement amounts,” says Adam Greene, a partner with Davis Wright Tremaine LLP.

With just one day to spare before the 60-day deadline to notify…

In a new $650,000 settlement full of “firsts,” the HHS Office for…

A federal jury in Ohio on June 23 convicted a 26-year-old respiratory…

From the Editor

Welcome to your Report on Patient Privacy subscriber-only Web page

Be sure to visit often, for PDFs of issues, article archives, narrative sections by privacy and security experts, and more!

Please e-mail me with your comments on the last issue of Report on Patient Privacy, story ideas for future issues, or any other suggestions you have that can make the newsletter more useful for you.

Mobile Device Use Policy & Procedure

This sample Mobile Device Use Policy and Procedure was provided to RPP subscribers by Chris Apgar, president of Apgar & Associates, LLC, in Portland, Ore. For more information, please contact Apgar at


August 19, 2016
Expect More Investigations of Small Breaches

OCR has announced that its regional offices will immediately expand investigations of breaches affecting fewer than 500 individuals. Criteria the offices will use to select breaches for investigation include the following:

  • The size of the breach;
  • Theft of or improper disposal of unencrypted PHI;
  • Breaches that involve unwanted intrusions to IT systems (for example, by hacking);
  • The amount, nature and sensitivity of the PHI involved; or
  • Instances where numerous breach reports from a particular covered entity or business associate raise similar issues.

Regions also may consider the lack of breach reports affecting fewer than 500 individuals when comparing a specific covered entity or business associate to similar covered entities and business associates. The Aug. 18 announcement was distributed via the HHS privacy list-serv.

August 16, 2016
Bon Secours’ Data Breach Affects More Than 600,000 Patients

Bon Secours Health System is notifying patients of a data breach that affected approximately 655,000 individuals. According to the health system’s notice, patient files were left accessible on the Internet by one of its business associates while the company was adjusting its network settings. The files, which contained patients’ names, health insurers’ names, health insurance identification numbers, limited clinical information, Social Security numbers, and in some instances, bank account information, were accessible for almost two months. Upon discovery, the files were secured. Bon Secours conducted an investigation, and while it did not discover any misuse of the information, it is offering free identity protection, credit monitoring and alert services to affected patients for one year.

August 8, 2016
ID Card Vendor to Several Blues Plans Reports Data Hack

ID card vendor to several Blues plans reports data hack.
