Session 1: 

Presenters: Hyla Schreurs and Rachel Lips

General Information

  • OCR Overview
  • Who is Covered by HIPAA (Covered Entities and Business Associates)
  • • How the compliance process works

Privacy Rule

  • What is and isn’t PHI 
  • Permitted Uses and Disclosures
  • Incidental Disclosures
  • Minimum Necessary Standard
  • Authorizations
  • Marketing
  • Administrative Requirements (Designate a Privacy Officer, Designate Person/Office to Receive Complaints, Provide Training, Develop and Implement Policies and Procedures)
  • Covered entities’ duties

Session 2:

Presenters: Hyla Schreurs and Emily Prehm

  • Individual Rights (NPP, Access, Amendment, Accounting, Alternative Communications, Request Restriction, Complaints to the CE and OCR)

Session 3:
Presenters: Meghana Shah and Karel Hadacek
Security Rule

  • Definitions/General Rules
  • What is Covered
  • Standards and Implementation Specifications
  • Administrative Safeguards
  • Physical and Technical Safeguards
  • Organization Requirements
  • Security Rule Resources

Session 4: 
Presenters: Emily Prehm and Rachel Lips
Breach Notification Rule

  • Definition of Breach
  • Notification to the Individual, Media, and HHS
  • Breach Highlights
  • What Happens when HHS/OCR receives a Breach Report


  • Compliance Trends/Challenges
  • Complaint Process/Enforcement Process
  • Recent Enforcement Actions and General Enforcement Highlights
  • Compliance Challenges

Breach and Enforcement examples

Rachel Lips, J.D.

Rachel Lips has been an Investigator for the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), Rocky Mountain Region, since November 2016. Rachel received a Juris Doctor from the University of North Dakota School of Law and is admitted to practice law in the state of North Dakota. She also received a Bachelor of Arts degree in Psychology and a Bachelor of Science degree in Criminal Justice Studies from the University of North Dakota.  Rachel lives in Parker, Colorado with her husband, Kellen, and their dog, Chloe. They enjoy traveling and spending time with their family and friends. 

Emily Prehm, J.D.

Meghana Shah, J.D.

Meghana Shah, J.D., is an experienced Investigator at the U.S. Department of Health and Human Services, Office for Civil Rights.  She conducts complaint investigations, compliance reviews, and outreach; and provides expert technical assistance on HIPAA and Federal civil rights laws which prohibit discrimination in the delivery of healthcare and human services. 

Karel Hadacek, J.D.

Equal Opportunity Specialist

Hyla Schreurs, J.D.


HIPAA for the Small Provider Part 1
Open to view video.
Open to view video. The webinar will cover what is and isn't protected health information (PHI), permitted uses and disclosures, authorizations, administrative requirements and more. Attendees will gain an understanding of their regulatory obligations and how the compliance process works.
HIPAA for the Small Provider Part 2
Open to view video.
Open to view video. The webinar will cover Notices for Privacy Practices (NPP), accounting, alternative communications, request restrictions and more.
HIPAA for the Small Provider Part 3
Open to view video.
Open to view video. This webinar will cover standards and implementation specifications, organization requirements, administrative safeguards, physical and technical safeguards and more.
HIPAA for the Small Provider Part 4
Open to view video.
Open to view video. This webinar will cover the definition of breach and appropriate ways to notify individuals, media, and HHS. Additionally, attendees will learn about recent enforcement actions, compliance trends and compliance challenges.