Only paid subscribers to Report on Patient Privacy can access this Web portal with three years of back issues, searchable article archives and other valuable resources.

Subscribers to Report on Patient Privacy receive

  1. Report on Patient Privacy, AIS’s industry-leading monthly newsletter, a copy of which will be mailed to you and posted — along with searchable archives of past articles and a convenient library with PDFs of back issues — on the subscriber-only website.
  2. Access to the industry’s most exhaustive HIPAA privacy and security website, which features:
    • 31 detailed narrative sections of guidance written by experts on every HIPAA compliance topic from A to Z. These exhaustive treatments are packed with sample forms, policies, procedures, decision trees and other practical tools you can adapt to your privacy and security compliance programs ... and it’s updated regularly.
    • Links to critical government documents required for compliance with privacy and security regulations and other related federal requirements.
    • Special E-Alerts when timely news breaks
    • Searchable archives of the monthly newsletter Report on Patient Privacy.
    • Recent stories of interest and hot topic articles grouped for convenient reading, and
    • Regular postings from your editor.
September 2014

Recent Stories of Interest

From Report on Patient Privacy - On the day back in April when an alert was released that computer systems using open source software were vulnerable to an attack known as “Heartbleed,” Beth Israel Deaconess Medical Center (BIDMC) hired an outside security firm to determine if any of its network components were at risk. As it turns out, BIDMC was using the very same Juniper router that would later be deemed the source of the massive data breach that Community Health Systems (CHS), a large hospital chain based in Nashville, Tenn., disclosed on Aug. 18.

Gone are the days of HIPAA covered entities (CEs) working with every…

It sounds like something out of a 60s-era rock song. But the…

At UMC Health System, the public system in Lubbock, Texas, that serves…

From the Editor

Welcome to your Report on Patient Privacy subscriber-only Web page

Be sure to visit often, for PDFs of issues, article archives, narrative sections by privacy and security experts, and more!

Please e-mail me with your comments on the last issue of Report on Patient Privacy, story ideas for future issues, or any other suggestions you have that can make the newsletter more useful for you.


RPP subscribers can now access an extensive report with all the details of the new HIPAA/HITECH regulations, prepared by RPP Editor Francie Fernald. This report summarizes the amendments to the regulatory language and highlights the clarifications that HHS discusses in the preamble to the rule. It has two parts:

  1. Revisions to the breach notification rules, and
  2. Revisions to the HIPAA privacy and security rules and the HHS OIG enforcement rules mandated by the HITECH Act.


September 15, 2014
OCR Audits Delayed, but Number Will Increase

More onsite audits, but delayed launch of the permanent audit program — that’s the word from OCR’s senior advisor Linda Sanches, speaking at the HIMSS Privacy and Security Forum last week. The delay is due to new technology OCR will use in the audits. She also said the number of desk reviews has been reduced from 400 to 200, but because of additional funding, there will be a number of onsite audits. No definite date was announced for the launch.

September 5, 2014
Business Associate Agreement Compliance Is Imminent

September 23 is d-day, that is, deadline day, for business associate agreements. On that date, all business associate agreements must contain the additional requirements mandated by the January 2013 omnibus rule. These include provisions:

    • ensuring the BA will comply with the security rule safeguards in §164.308 (administrative), §164.310 (physical) and §164.312 (technical) and will develop and enforce the policies and procedures and documentation requirements under §164.316 of the security regulations;
    • stating that the BA will execute a business associate agreement with its subcontractors that create, receive, maintain or transmit PHI with the same restrictions, conditions and safeguards applicable to the business associate; and
    • requiring the BA to report to the covered entity any use or disclosure of PHI not permitted under the agreement or any security incident of which it becomes aware, including breaches of “unsecured PHI” under the breach notification rule.

May 13, 2014
HHS to Send Survey Regarding Audit Worthiness

HHS has asked the Office of Management and Budget to approve a pre-audit survey that will be sent to 1,200 HIPAA covered entities and business associates. The survey will gather information to assess the size, complexity, and fitness of the CE/BA for an audit by the Office for Civil Rights.
