Subscription Required

Only paid subscribers* to Report on Patient Privacy can access this Web portal with three years of back issues, searchable article archives and other valuable resources.

Subscribers to Report on Patient Privacy receive

  1. Report on Patient Privacy, AIS’s industry-leading monthly newsletter, a copy of which will be mailed to you and posted — along with searchable archives of past articles and a convenient library with PDFs of back issues — on the subscriber-only website.
  2. Access to the industry’s most exhaustive HIPAA privacy and security website, which features:
    • 31 detailed narrative sections of guidance written by experts on every HIPAA compliance topic from A to Z. These exhaustive treatments are packed with sample forms, policies, procedures, decision trees and other practical tools you can adapt to your privacy and security compliance programs ... and it’s updated regularly.
    • Links to critical government documents required for compliance with privacy and security regulations and other related federal requirements.
    • Special E-Alerts when timely news breaks
    • Searchable archives of the monthly newsletter Report on Patient Privacy.
    • Recent stories of interest and hot topic articles grouped for convenient reading, and
    • Regular postings from your editor.
View a sample and get more information
January 2015

Recent Stories of Interest

From Report on Patient Privacy - The HHS Office for Civil Rights (OCR) concluded 2014 the same way it ended 2013 — by announcing a $150,000 settlement with a nonprofit organization over allegations of HIPAA violations. However, in contrast to past years, OCR collected a record $7.5 million in payments in 2014 from a record seven settlements. The most recent settlement stemmed from the potential compromise of 2,700 patient files that occurred when five workstations at Anchorage Community Mental Health Services, Inc., became infected with a virus called Zeus Trojan in December 2011 “through a vulnerability in Adobe reader,” ACMHS officials told RPP. Read more

Move data off mobile devices and out of harm’s way. Train employees… Read more

Just before noon on the last day of May 2012, Dr. Christine… Read more

When the Indiana Court of Appeals released its decision upholding the $1.44… Read more

From the Editor

Welcome to your Report on Patient Privacy subscriber-only Web page

Be sure to visit often, for PDFs of issues, article archives, narrative sections by privacy and security experts, and more!

Please e-mail me with your comments on the last issue of Report on Patient Privacy, story ideas for future issues, or any other suggestions you have that can make the newsletter more useful for you.

RPP subscribers can now access an extensive report with all the details of the new HIPAA/HITECH regulations, prepared by RPP Editor Francie Fernald. This report summarizes the amendments to the regulatory language and highlights the clarifications that HHS discusses in the preamble to the rule. It has two parts:

  1. Revisions to the breach notification rules, and
  2. Revisions to the HIPAA privacy and security rules and the HHS OIG enforcement rules mandated by the HITECH Act.

Click here to read the report (PDF file).

January 13, 2015
State Attorneys General Use HIPAA Power

The HITECH Act, which was passed in February 2009, authorized attorney generals in the states to enforce any HIPAA violations that threaten or adversely affect a resident in their jurisdiction. In January, the Indiana attorney general announced its first HIPAA settlement with a dentist who had hired a private company to dispose of his patient records. The records were subsequently found in a dumpster on the south side of Indianapolis. The dentist agreed to pay a $12,000 monetary penalty. In November and December, the Massachusetts attorney general reached settlements with two hospitals because of the theft of unencrypted laptops. Until these settlements, there had been only a few instances of the AGs using their power. Whether this represents a trend toward stronger AG HIPAA enforcement remains to be seen.

December 15, 2014
OCR Closes the Year With Another Settlement

The Office for Civil Rights has announced a $150,000 settlement with Anchorage Community Mental Health Services (ACMHS) for violations of the HIPAA Security Rule. ACMHS, which is a five-facility, nonprofit organization providing behavioral health care services to children, adults, and families in Anchorage, Alaska, reported the breach in 2012. The breach occurred because of malware compromising the security of its electronic health information and threatened 2,743 individuals. During its investigation, OCR found that the organization had adopted sample policies and procedures in 2005 but had not followed or updated them. It also had not conducted a thorough risk analysis and had not updated its IT resources with available patches and continued to run outdated, unsupported software. ACMHS also must comply with a two-year corrective action plan.

This is the second Anchorage organization to settle with OCR over inadequate policies and procedures, insufficient risk management, and inadequate worker training. In 2012, the Alaska Department of Health and Human Services agreed to pay $1.7 million and enter into three-year corrective action plan.

November 17, 2014
Two Court Decisions Impact Use of HIPAA in Lawsuits

The Connecticut Supreme Court overturned a lower court and will allow HIPAA to be used as the standard of care in a negligence lawsuit. Emily Byrne v. Avery Center for Obstetrics and Gynecology, P.C., SC 18904 (Nov. 11, 2014).

And the Indiana Court of Appeals issued its decision upholding the $1.44 million verdict against Walgreens because of a pharmacist’s unauthorized access to and disclosure of a customer’s prescription records. Walgreen Co. vs. Hinchy, No. 49A02-1311-CT-950 (Nov. 14, 2014).

It's quick and easy to sign up for FREE access to!

Why do I need to register?