HIPAA Rules
What Are the 3 Rules of HIPAA? A Plain-English Guide
A small dermatology practice in Connecticut thought they had HIPAA covered. They had a privacy notice on their website and a shredder in the back
Carl B. Johnson
Healthcare Chief Information Security Officer (CISO), Virtual Privacy Officer and HIPAA Compliance Educator and National Speaker on Healthcare Privacy & Security
HIPAA Training Requirements
HIPAA Training Requirements for Employers in 2026
The Penalty That Started With an Untrained Receptionist In 2018, Cottage Health paid $3 million to settle with HHS after a breach exposed over 62,
PPI HIPAA
PPI vs HIPAA: What Healthcare Workers Get Wrong
The Acronym Mix-Up That Can Cost Your Organization Millions Last year, I was leading a workforce training session at a mid-sized hospital system in Ohio
HIPAA Privacy and Security Training
HIPAA Privacy and Security Training: What Actually Works
A radiology technician at a hospital in New York forwarded a patient's imaging report to her personal Gmail account so she could "
Business Associates
What Are Business Associates Under HIPAA?
A cloud storage vendor loses a laptop containing 20,000 patient records. The hospital that hired them gets the breach notification letter. The vendor insists
HIPAA Basics
HIPAA Is the Acronym Used For: What It Really Means
I once watched a hospital administrator spell it "HIPPA" on a slide deck in front of 200 employees. Nobody corrected her. That moment
HIPAA Certification
HIPAA Certification Online: What You Actually Get
Last year, a practice manager in Ohio told me she'd had her entire staff complete an online HIPAA certification she found through a
Fraud Waste and Abuse
Fraud Waste and Abuse: What HIPAA Teams Miss
A physician in Texas billed Medicare for over 5,000 hours of home health services in a single year. That's roughly 14 hours
HIPAA for Dental Offices
HIPAA for Dental Offices: What Most Practices Get Wrong
A front desk coordinator at a three-dentist practice in North Carolina handed a patient the wrong checkout summary. Attached to it was another patient'
HIPAA Training
OSHA and HIPAA Training for Dental Offices Online
Two Inspectors, One Waiting Room, Zero Excuses A dentist I worked with in Arizona got hit twice in the same quarter — an OCR audit letter
ePHI
What Is ePHI? The Digital Data That Costs Millions
A Single Unencrypted Laptop Changed Everything In 2017, a stolen laptop cost Lifespan Health System Affiliated Covered Entity (ACE) a $1,040,000 settlement with
HIPAA Violation Lawyer
HIPAA Violation Lawyer: When Your Organization Needs One
Last year, I watched a three-physician practice in the Midwest spend eleven months fighting an OCR investigation — without a lawyer for the first four. By