Subscription Required

Only paid subscribers* to Report on Patient Privacy can access this Web portal with three years of back issues, searchable article archives and other valuable resources.

Subscribers to Report on Patient Privacy receive

  1. Report on Patient Privacy, AIS’s industry-leading monthly newsletter, a copy of which will be mailed to you and posted — along with searchable archives of past articles and a convenient library with PDFs of back issues — on the subscriber-only website.
  2. Access to the industry’s most exhaustive HIPAA privacy and security website, which features:
    • 31 detailed narrative sections of guidance written by experts on every HIPAA compliance topic from A to Z. These exhaustive treatments are packed with sample forms, policies, procedures, decision trees and other practical tools you can adapt to your privacy and security compliance programs ... and it’s updated regularly.
    • Links to critical government documents required for compliance with privacy and security regulations and other related federal requirements.
    • Special E-Alerts when timely news breaks
    • Searchable archives of the monthly newsletter Report on Patient Privacy.
    • Recent stories of interest and hot topic articles grouped for convenient reading, and
    • Regular postings from your editor.
View a sample and get more information
October 2014

Recent Stories of Interest

From Report on Patient Privacy - The HHS Office for Civil Rights (OCR) may need to launch a Kickstarter campaign to obtain funding for its upcoming audits. But once the program is up and running the agency will be using it “as an enforcement tool” that, depending on what “issues” are revealed, may result in corrective actions and financial penalties. That was the word from Iliana Peters, senior advisor for HIPAA compliance and enforcement, the closing speaker at the Sept. 23-24 conference on HIPAA security cohosted by HHS and the National Institute for Standards and Technology. Read more

Since the U.S. Supreme Court ruled in June 2013 that the portion… Read more

On the day back in April when an alert was released that… Read more

Gone are the days of HIPAA covered entities (CEs) working with every… Read more

From the Editor

Welcome to your Report on Patient Privacy subscriber-only Web page

Be sure to visit often, for PDFs of issues, article archives, narrative sections by privacy and security experts, and more!

Please e-mail me with your comments on the last issue of Report on Patient Privacy, story ideas for future issues, or any other suggestions you have that can make the newsletter more useful for you.


RPP subscribers can now access an extensive report with all the details of the new HIPAA/HITECH regulations, prepared by RPP Editor Francie Fernald. This report summarizes the amendments to the regulatory language and highlights the clarifications that HHS discusses in the preamble to the rule. It has two parts:

  1. Revisions to the breach notification rules, and
  2. Revisions to the HIPAA privacy and security rules and the HHS OIG enforcement rules mandated by the HITECH Act.

Click here to read the report (PDF file).

October 3, 2014
Another Deadline Approaches

A reminder that Oct. 6 is the date all labs subject to HIPAA, including CLIA-certified and CLIA-exempt labs, must allow patients direct access to their test results. The final rule was published on Feb. 6, but gave labs until Oct. 6 to comply. Labs also must have a revised Notice of Privacy Practices reflecting this change available for patients.

September 15, 2014
OCR Audits Delayed, but Number Will Increase

More onsite audits, but delayed launch of the permanent audit program — that’s the word from OCR’s senior advisor Linda Sanches, speaking at the HIMSS Privacy and Security Forum last week. The delay is due to new technology OCR will use in the audits. She also said the number of desk reviews has been reduced from 400 to 200, but because of additional funding, there will be a number of onsite audits. No definite date was announced for the launch.

September 5, 2014
Business Associate Agreement Compliance Is Imminent

September 23 is d-day, that is, deadline day, for business associate agreements. On that date, all business associate agreements must contain the additional requirements mandated by the January 2013 omnibus rule. These include provisions: ensuring the BA will comply with the security rule safeguards in §164.308 (administrative), §164.310 (physical) and §164.312 (technical) and will develop and enforce the policies and procedures and documentation requirements under §164.316 of the security regulations; stating that the BA will execute a business associate agreement with its subcontractors that create, receive, maintain or transmit PHI with the same restrictions, conditions and safeguards applicable to the business associate; and requiring the BA to report to the covered entity any use or disclosure of PHI not permitted under the agreement or any security incident of which it becomes aware, including breaches of “unsecured PHI” under the breach notification rule.

It's quick and easy to sign up for FREE access to AISHealth.com!

Why do I need to register?