Business Associates Liable for Breach of Their Business Associate Agreements, Effective February 17, 2010

Consequently, effective Feb. 18, 2010, the HITECH Act makes business associates both contractually liable to a covered entity for breach of the business associate agreement with the covered entity and civilly and criminally liable to the government for violations of those Security Rule requirements and the Privacy Rule's business associate agreement requirements. 

The Politics of Health Care


OCR Issues Proposed Modifications to HIPAA Privacy and Security Rules

Published August 11, 2010 7:24 AM by Frank Irving

Continue reading…

Do Note Breach Business Associate Agreements:Ford & Harrison LLP, Daniel Sulton

"Also the parties to a business associate agreement must include provisions in the agreement requiring the business associate to take reasonable steps to cure any material breach or violation of the business associate agreement between the business associate and a subcontractor, or terminate the contract."Ford & Harrison LLP Daniel Sulton

Continue reading…

Healthcare Leads in Data Breaches:Transparency Needed

Of the 385 organizations hit with data breaches so far this year, 113 were in health care, according to the Identity Theft Resource Center's report for July 28. Just 39 breaches have been reported in banking and finance according to the ITRC. Experts cite a lack of compliance and improper data access by insiders as culprits.

Continue reading…

"My Credit Card is Being Used Fradulently after Anthem Blue Cross HIPAA Data Breach"

 "Three days ago, my credit card number was used fraudulently. Today I received a letter from Anthem telling me a breach had occured, leaking my social security number, name & credit card number."

Continue reading…

No HIPAA Compliant Policies and Procedures Means "Willful Neglect"

For example, the OCR stated that the failure to develop or implement compliant HIPAA policies and procedures "demonstrate[s] either conscious intent or reckless disregard with respect to . . . compliance obligations," and may be the basis for a finding of a violation due to willful neglect. [99] 75 Fed. Reg. 40,879

Continue reading…

Legal Review of New HIPAA HITECH Rules: Foley & Lardner

HHS releases proposed HITECH rule
Foley & Lardner LLP
On July 14, 2010, the Office for Civil Rights of the Department of Health and Human Services (HHS) published a Notice of Proposed Rulemaking (Proposed Rule) that proposes significant changes to the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security and Enforcement Rules.

Continue reading…

Vendors: Can You Prove Your HIPAA HITECH Compliance?

"Vendors seeking to court healthcare clients will now need to pitch not only functionality but a compliance message as well." Report From the Trenches: Health IT Post-HITECH By Ed Moyle TechNewsWorld 07/20/10 5:00 AM PT

Continue reading…

Top Privacy and Security Experts Agree: Business Associates Must Comply with HIPAA HITECH

"The rule makes it much clearer that the covered entities' responsibilities must go far beyond just having a business associate agreement," Rebecca  Herold stresses. Instead, hospitals, clinics and others must work closely with their business partners to make sure they're carefully following the HIPAA privacy and security rules, she adds.

Continue reading…

Signed a Business Associate Agreement?, Get Compliant, Says HHS

"For those business associates that have not already adopted HIPAA-compliant privacy and security standards for PHI, the risk of criminal and/or civil monetary penalties may spur them to increase their efforts to comply with privacy and security standards." Page 164 NPRM

Continue reading…

HHS Expects Business Associates to be Compliant, Now!

This NPRM from HHS contains serious warnings to business associates that they expect them to be HIPAA HITECH compliant with their business associate agreements now, and if not, they should get started immediately.

Continue reading…