1-2 Page HIPAA Fact Sheet

  • 1.  1-2 Page HIPAA Fact Sheet

    Posted 10-15-2020 02:40 PM
    Good afternoon!
    I have been asked to create a 1-2 page HIPAA Fact Sheet for our Senior Staff (think C Suite or Board of Directors) to read for compliance with HIPAA training.

    I'm struggling with condensing down my material to that degree.

    Does anyone have any ideas/formats/documents they could share?

    This is high level staff who would likely not encounter PHI in the course of their duties, but need to understand the HIPAA Privacy Rule's core purpose and how noncompliance could ultimately affect the organization.

    All feedback is welcome!

    Dr. Randy Lewis, LMFT, CHPC
    HIPAA Privacy Officer
    Orange County Government
    Orlando, FL

  • 2.  RE: 1-2 Page HIPAA Fact Sheet

    Posted 10-16-2020 01:22 PM
    Hi Randy,

    HHS has summaries of the Privacy Rule and the Security Rule on their website. If these summaries are still too long, maybe you could start with these summaries and pare them down to your liking.

    Anthony Ambrose, MBA, CHC, CHPC
    Compliance Officer
    Service Access and Management, Inc.
    Lewisburg, PA


  • 3.  RE: 1-2 Page HIPAA Fact Sheet

    Posted 10-16-2020 01:28 PM

    Thanks Anthony!


    Dr. Randy Lewis, LMFT, CHPC, CHP

    Orange County HIPAA Privacy Officer

    2002A East Michigan Street

    Orlando, FL 32806

    407-836-9214 – desk

    407-836-2856 – fax  




    HIPAA Questions and concerns can be addressed to:

    Orange County HIPAA Privacy Officer at



    PLEASE NOTE: Florida has a very broad public records law (F. S. 119).
    All e-mails to and from County Officials are kept as a public record.
    Your e-mail communications, including your e-mail address may be
    disclosed to the public and media at any time.


  • 4.  RE: 1-2 Page HIPAA Fact Sheet

    Posted 10-16-2020 03:17 PM
    Very simple: a 1 paragraph statement will cover everything they need to know to decide they need to know more about compliance than a 2 page summary.

    The DOJ had determined a lack of engagement by an organization's governing body in compliance activities indicates an organization that is less than fully committed to compliance. This lack of commitment may result in higher fines, and harsher penalties awarded in the event of HIPAA breach or violation. Please see the attached document, informally referred to as The Yates Memo, for DOJ's policy on corporate misconduct and the personal responsibility of organizational representatives.

    Not a literal suggestion but meant to get you thinking about how to effectively communicate something similar that would match your organizational culture.

    Hope this helps.