
When creating these resources and searching for external sources, we aimed to keep things simple - you'll find tips on how to become compliant, information from the government, and several great articles from around the web. We tried to avoid dense, hard-to-understand material, and focused on shorter, prescriptive pieces.

These resources are mentioned in context throughout our analysis for practices and billing companies, but we thought it'd be nice to get them all together for easy access.

Note: If you are interested in exploring the raw survey data for your own research, we'd be happy to share it! Just shoot us a message here and let us know a little about the project you're working on.

HIPAA Audits

"HIPAA Audit Program phase 2: delayed" - Paula M. Stannard of Alston & Bird LLP offers a great overview of Phase 2 of the audit program.

"OCR senior advisor: Stay tuned on HIPAA audit timeline" - This news article contains the OCR's official statements about the delay.

"Phase 1 Findings" / "OCR to Begin Phase 2 of HIPAA Audit Program" - This article summarizes the findings from Phase 1 of the audit program, and offers tips for preparing for Phase 2.

"HIPAA Audits 101" - Attorney Dan Brown discusses what HIPAA audits are, how they affect medical practices, and how you can prepare.


Compliance Plans

Communicate Your Plan: Wondering about best practices for communicating your compliance plan to staff? Check out Dan Brown's video for tips now.



Training Tips: One of the biggest red flags during an audit is staff confusion or ignorance. Check out the video for tips on how to institute a HIPAA training program.


Security and Privacy Officers

Security Officers and Policies: In the following video, Dan Brown explains why appointing these officers is so important and provides some tips on how to do it.


Breach Notification Policies

Breach Policies: In the following video, Dan Brown explains why breach notification policies are so important and provides some insight into the type of action you need to take in a worst-case scenario.


Risk Analysis

Tips for Conducting a Risk Analysis: In the following video, Dan Brown shows why risk analyses are so important and gives tips for conducting one.

"Security Risk Assessment Tool" - A downloadable tool to help guide you through the process of conducting a risk analysis.


Business Associate Agreements

"Sample Business Associate Agreement Provisions from HHS" - This document from HHS provides an explanation of Business Associate Agreements and contains some language you can use to help create your BAAs. While your BAAs will likely be customized to reflect the individual agreements you have with various Business Associates, this reference provides a great starting point.

BAA Overview: In the following video, Dan Brown gives a great explanation of business associates and business associate agreements (BAAs).

"Practical Steps for Business Associate Compliance With the HIPAA Final Rule" - This article, written by Deborah Gersh and Jennifer Romig of Ropes & Gray LLP, summarizes how the Final Rule introduced new liabilities for Business Associates and provides several tips on how BAs can achieve compliance.



Technology, Mobile, and Online Communication

Tips for Cataloging Electronic Devices: In the following video, Sarah Browning offers some insight on cataloging electronic devices at your practice.

"Spreadsheet for Cataloging Devices - Download" - You can use this spreadsheet as a template for tracking your organization's electronic devices. It shows which pieces of information you should track, and includes a few example entries.

Steps to Take When a Mobile Device with PHI Goes Missing - In this video, Sarah Browning offers advice on the steps to take if you discover a mobile device has been lost or stolen.

"Protect and Secure Health Info on Mobile Devices" - This simple but robust resource from offers ways you can protect and secure health information on your organization's mobile devices.

"Mobile Device Policies and Procedures - Fact Sheet" - A quick one-pager that has nine tips to help you understand your organization's mobile device policies and procedures.

Keeping Email Compliant - In the following video, Sarah Browning discusses email encryption and your responsibilities for ensuring communication is transmitted securely.

"Does the Security Rule allow for sending electronic PHI (e-PHI) in an email or over the Internet?" - See the response from the Department of Health & Human Services in their Frequently Asked Questions section.

"HIPAA Compliant Email: Some proactive strategies" - This article from The Fox Group LLC provides five practical strategies for achieving HIPAA-compliant emails.

"Gmail: Staying at the forefront of email security" - This blog post discusses the measures Google is taking to secure emails sent through Gmail.

"Encrypting email messages in Outlook" - Instructions on how to encrypt emails using Microsoft Outlook.


Survey Executive Summary from Porter Research

"Porter Research Executive Summary" - Porter Research created this executive summary of the survey results. It provides insight into the entire group of respondents (instead of viewing it by medical practices and billing companies).

Disclaimer: The video presentations on this webpage and the associated white papers featuring attorneys from the Daniel Brown Law Group, LLC, are for educational purposes only. Nothing in the videos or the white papers is intended to constitute legal advice or to create an attorney-client relationship with any person or entity.

