Subscription Required

Only paid subscribers* to Report on Patient Privacy can access this Web portal with three years of back issues, searchable article archives and other valuable resources.

Subscribers to Report on Patient Privacy receive

  1. Report on Patient Privacy, AIS’s industry-leading monthly newsletter, a copy of which will be mailed to you and posted — along with searchable archives of past articles and a convenient library with PDFs of back issues — on the subscriber-only website.
  2. Access to the industry’s most exhaustive HIPAA privacy and security website, which features:
    • 31 detailed narrative sections of guidance written by experts on every HIPAA compliance topic from A to Z. These exhaustive treatments are packed with sample forms, policies, procedures, decision trees and other practical tools you can adapt to your privacy and security compliance programs ... and it’s updated regularly.
    • Links to critical government documents required for compliance with privacy and security regulations and other related federal requirements.
    • Special E-Alerts when timely news breaks
    • Searchable archives of the monthly newsletter Report on Patient Privacy.
    • Recent stories of interest and hot topic articles grouped for convenient reading, and
    • Regular postings from your editor.
View a sample and get more information
October 2016

Recent Stories

From Report on Patient Privacy - In a year of escalating settlements that defy enforcement trends, the HHS Office for Civil Rights (OCR) may have hit a new mark with its most recent settlement. Last month a health system in Rhode Island that was not accused of any HIPAA violations settled with OCR for $400,000. It was OCR’s 11th settlement so far this year, bringing its penalty total to $20.7 million. Care New England (CNE) is the parent corporation for Women & Infants Hospital, based in Providence, which lost an unencrypted backup tape with images and data for 14,040 patients in 2012.

Recent settlements between the HHS Office for Civil Rights (OCR) and HIPAA…

Since 2009, covered entities (CEs) have been dutifully sending annual reports to…

The loss of four desktop computers due to a 2013 break-in, which…

From the Editor

Welcome to your Report on Patient Privacy subscriber-only Web page

Be sure to visit often, for PDFs of issues, article archives, narrative sections by privacy and security experts, and more!

Please e-mail me with your comments on the last issue of Report on Patient Privacy, story ideas for future issues, or any other suggestions you have that can make the newsletter more useful for you.

Mobile Device Use Policy & Procedure

This sample Mobile Device Use Policy and Procedure was provided to RPP subscribers by Chris Apgar, president of Apgar & Associates, LLC, in Portland, Ore. For more information, please contact Apgar at

Click here to access the policy.

October 7, 2016
OCR Releases Guidance on Cloud Computing

OCR has posted guidance on how to use cloud computing and still comply with HIPAA. The guidance is not only for covered entities and business associates but also for cloud service providers to help them understand their HIPAA obligations.

September 7, 2016
Sutter Health's Physical Audit Checklist

Sutter Health, a not-for-profit system of 24 hospitals based in Sacramento, designed this seven-part "Physical Audit Checklist" to ensure that no protected health information is inappropriately disclosed or displayed, particularly in facilities it is acquiring that may have been vacated by others. For more information, contact Jacki Monson, Sutter's chief privacy and security officer, at

September 7, 2016
Checklists from NIST’s Computer Security Incident Handling Guide

Click here for two checklists from NIST’s Computer Security Incident Handling Guide — an Initial Security Incident Handling Checklist and a Generic Incident Handling Checklist for Uncategorized Incidents.
