HIPAA requires all health care plans, clearinghouses and providers to implement new procedures in handling electronic medical records. Managing the records with integrity and discretion has become more difficult as well as expensive. Murer Consultants, Inc. has developed a program to assist in the training of members of health care facilities in HIPAA privacy implementation.


HIPAA requires all health care plans, clearinghouses, providers, and business associates to implement procedures in handling protected health information (PHI). All covered entities and business associates must comply with the HIPAA requirements to protect the privacy and security of health information and HIPAA also provides individuals with certain rights with respect to their health information. Managing the health information with integrity and discretion is growing in both difficulty and cost, but with Murer’s assistance effective security and compliance can be achieved. Murer Consultants, Inc. has accumulated years of experience in conducting HIPAA compliance reviews for both providers and business associates. In order to fully ensure HIPAA compliance, Murer utilizes the following project structure:

Phases of Murer Consultants’ HIPAA Compliance Audit Process: HIPPA PRocess image Documentation Collection In order to perform a review and assessment of a client’s current compliance of its companies with applicable HIPAA regulations, the client provides Murer Consultants with available pertinent documentation related to privacy and security of information.

Review of Information Murer Consultants performs a desk audit and evaluates all written documentation related to protecting sensitive information.

Information and Fact-Finding Interviews Along with reviewing client’s applicable documentation, Murer Consultants will conduct informational and fact-finding interviews with the client, to discuss the current pertinent policies and practices within its companies and to determine what additional practices may exist beyond what is formalized in writing.

Analysis and Preparation of Report Following the completion of the information collection and review, Murer will produce a comprehensive analysis of the existing policies and current practices within the client’s companies and prepare for the compliance review report. The Report will include:

  • PHI Inventory
    • Identify Source, Location, Custodian, Type, Safeguards, Vulnerabilities, Threats, and Criticality
  • Threat Matrix
    • Identify categories, likelihood of occurrence, and method of managing risk
  • Risk Matrix
    • Utilize PHI Inventory and Threat Matrix to evaluate overall risk
      • High Risk
      • Medium Risk
      • Low Risk
  • HIPAA Scorecard
    • Provides applicable regulatory standard and current compliance as well as level of remediation necessary

Remediation Based on the identified weakness within the client’s companies, Murer Consultants will include recommended policies and procedures to address the gaps between a client’s practices and regulatory requirements. Based on the HIPAA compliance review report provided by Murer Consultants, the clients could improve their policies and procedures in concert with their internal practices and the appropriate stakeholders.

Click Here for a printable PDF of Murer’s HIPAA Compliance Review Process


HIPAA Mapping and Plotting The program is designed to teach health systems what to look for in current practices so they may determine what course of action to take in order to comply with HIPAA rules and regulations. The training provides the following:

  • Definition of Senior Management’s role
  • Definition of Privacy Officer’s role
  • Identification of personnel to be trained
  • Explanation of how to train by department & discipline
  • Discussion of training materials needed
  • Explanation of how to make the most of in-house resources

Protecting Patient Privacy” was an article by Cherilyn G. Murer, J.D., C.R.A., President/CEO of Murer Consultants, Inc. which appeared in Rehab Management Magazine in 2002.


Examples of HIPAA Training Events:

HIPAA in the Rehab Setting: Critical Analysis for Successful Implementation
Speakers: Cherilyn G. Murer, J.D., C.R.A., Jason Levine, J.D., and Chris MacDonell
Chicago, IL
Sponsored by: CARF


HIPAA and Third Party Communication
Speakers: Lyndean Lenhoff-Brick, J.D.
Orlando, Florida
Sponsored by: Uniform Data System


Audio Conference: HIPAA and Medical Records
Speakers: Cherilyn G. Murer , J.D., C.R.A., Michael A. Murer, J.D. and Jason Levine, J.D.
Sponsored by: The Coding Institute