HB300 Training
HB300 training is similar to HIPAA training inasmuch as employees of entities covered by the Texas Medical Privacy Act are required to undergo training on what Protected Health Information is and how the privacy of individually identifiable health information must be protected from unauthorized access and impermissible disclosures. However, there are some significant differences between HIPAA and the Texas Medical Privacy Act as amended by Texas HB300. Where differences exist, the Texas Medical Privacy Act preempts HIPAA if the Act increases the duties of Covered Entities, has greater protections against unauthorized access and impermissible disclosures, or provides more patients’ rights. Who is Required to Comply with HB300? The Medical Privacy Act of 2002 states any entity (individual or organization), employee, agent, or contractor who creates, receives, obtains, maintains, uses, or transmits Protected Health Information (PHI) relating to a citizen of Texas is considered to be a Covered Entity under the Act. This definition includes entities outside of Texas with access to PHI...
OB-GYN Associates & Beverly Hills Oncology Medical Group Issue Breach Notifications
OB-GYN Associates in Nevada and Beverly Hills Oncology Medical Group in California have recently started notifying patients affected by hacking incidents. OB-GYN Associates, Nevada OB-GYN Associates, a women’s health clinic in Reno, Nevada, has recently mailed notification letters to 62,238 individuals warning them that some of their protected health information has been exposed in a recent security incident. On or around August 7, 2025, suspicious activity was identified within its IT environment. Third-party cybersecurity experts were engaged to investigate the activity and confirmed that there had been unauthorized access to parts of its network where patient data was stored. The review of the affected data was completed on September 29, 2025. While no evidence of data misuse has been identified, patients have been informed that their first and last names, Social Security numbers, driver’s license numbers, and medical information have been exposed and may have been stolen. As a precaution against data misuse, the affected individuals have been offered complimentary single-bureau...
HIPAA Training for Medical Assistants
HIPAA training for medical assistants helps healthcare organizations comply with HIPAA by preparing medical assistants to protect protected health information (PHI) during patient intake, clinical support tasks, documentation, and everyday communications. Medical assistants often work at the intersection of clinical and administrative activity, which means PHI can be encountered in many quick handoffs and routine processes where small mistakes can lead to disclosures or security events. HIPAA Training for Medical Records and PHI Medical assistants handle PHI in appointment schedules, rooming notes, vital signs, histories, medication lists, lab requisitions, referral paperwork, immunization records, and follow-up instructions. PHI can also appear in messages, printed summaries, faxes, scanned documents, task lists, and spreadsheets used to manage clinic flow. Training should reinforce that PHI is not limited to diagnoses and test results, since identifiers combined with service context, visit details, or care instructions may be PHI depending on how the information is used and...
HIPAA Training for Emergency Medical Technicians (EMTs)
Emergency Medical Technicians (EMTs) need the standard HIPAA training that all healthcare staff receive and additional training on the HIPAA Rules during emergencies because they collect and share patient information during emergencies, and they must protect privacy while communicating quickly with dispatch, partners, hospitals, and other responders. Why HIPAA applies to EMT work EMTs encounter Protected Health Information (PHI) in almost every call, from names and addresses to symptoms, medications, and transport notes. The challenge is that EMT care happens in public places, crowded homes, schools, roadsides, and ambulances where privacy is harder to control. HIPAA training should help EMTs balance two priorities at the same time, providing safe and effective care and preventing unnecessary exposure of patient information. What EMTs should learn in a core HIPAA course A strong course starts with the basics and then connects them to how EMTs work. EMTs should understand the meaning of PHI and ePHI, the purpose of Minimum Necessary standard, and how permitted uses and disclosures...
HIPAA Compliance for Hospices
HIPAA compliance for hospices has to take into account that many members of the workforce may be volunteers or clergy who are less familiar with compliance requirements, yet who may be placed under extreme emotional pressures from the families of patients they are caring for. HIPAA compliance is rarely straightforward in the healthcare industry, and HIPAA compliance for hospices is one area in which it less straightforward than most. The rules regarding the disclosure of Protected Health Information limit conversations with family members if patients have not previously given their consent for the conversations to take place. Furthermore, if no DPHA is appointed, obtaining consent when the patient cannot express themselves is impossible. And that´s just the beginning. Many hospices are supported by volunteers, who – under the Privacy Rule – are regarded as members of the workforce. Volunteers have to be provided with the same training on HIPAA, permissible disclosures of Protected Health Information and HIPAA-compliant policies as professional healthcare providers. They...



