Subscription Required

Only paid subscribers* to Report on Patient Privacy can access this Web portal with three years of back issues, searchable article archives and other valuable resources.

Subscribers to Report on Patient Privacy receive

  1. Report on Patient Privacy, AIS’s industry-leading monthly newsletter, a copy of which will be mailed to you and posted — along with searchable archives of past articles and a convenient library with PDFs of back issues — on the subscriber-only website.
  2. Access to the industry’s most exhaustive HIPAA privacy and security website, which features:
    • 31 detailed narrative sections of guidance written by experts on every HIPAA compliance topic from A to Z. These exhaustive treatments are packed with sample forms, policies, procedures, decision trees and other practical tools you can adapt to your privacy and security compliance programs ... and it’s updated regularly.
    • Links to critical government documents required for compliance with privacy and security regulations and other related federal requirements.
    • Special E-Alerts when timely news breaks
    • Searchable archives of the monthly newsletter Report on Patient Privacy.
    • Recent stories of interest and hot topic articles grouped for convenient reading, and
    • Regular postings from your editor.
View a sample and get more information
July 2016

Recent Stories

From Report on Patient Privacy - In a new $650,000 settlement full of “firsts,” the HHS Office for Civil Rights (OCR) has slapped a business associate (BA) for the theft of an unencrypted phone that contained protected health information (PHI) of fewer than 500 nursing home patients. This first settlement with a BA should give a boost to CEs who struggle to convince their BAs that they, too, will face enforcement action for noncompliance, and the two-year corrective action plan reads like a virtual checklist to ensure the appropriate policies and procedures are in place (see box, p. 10). Read more

A federal jury in Ohio on June 23 convicted a 26-year-old respiratory… Read more

Perhaps the easiest way to understand the privacy implications of the new… Read more

Covered entities (CEs) around the country have been getting lots of emails… Read more

From the Editor

Welcome to your Report on Patient Privacy subscriber-only Web page

Be sure to visit often, for PDFs of issues, article archives, narrative sections by privacy and security experts, and more!

Please e-mail me with your comments on the last issue of Report on Patient Privacy, story ideas for future issues, or any other suggestions you have that can make the newsletter more useful for you.

Mobile Device Use Policy & Procedure

This sample Mobile Device Use Policy and Procedure was provided to RPP subscribers by Chris Apgar, president of Apgar & Associates, LLC, in Portland, Ore. For more information, please contact Apgar at

Click here to access the policy.

July 19, 2016
OHSU Settles Multiple HIPAA Violations

OCR announced a settlement with Oregon Health & Science University (OHSU) for “multiple and diverse” HIPAA violations. OHSU will pay $2.7 million and operate under a three-year corrective action plan.

July 18, 2016
HHS Releases Ransomware Guidance

The Department of Health and Human Services has released a fact sheet on ransomware attacks and how they intersect with HIPAA.

June 30, 2016
OCR Settles With Business Associate for $650k Over Stolen Smartphone

OCR announced a $650,000 HIPAA settlement with a Philadelphia nursing home services provider over a stolen, unencrypted and unlocked iPhone that exposed the PHI of 400 patients.

It's quick and easy to sign up for FREE access to!

Why do I need to register?