HIPAA Blog Posts: HIPAA Covered Entity

Business Associates in Massachusetts Must Be HIPAA Compliant by March 1.

Massachusetts: all contracts with vendors that handle personal information must institute safeguards by March 1, Baker & Hostetler LLP, Theodore J. Kobus III, February 16, 2012

Regulators are focusing more and more on how responsibly organizations engage third-party vendors. The Health Insurance Portability and Accountability Act (HIPAA) already has requirements for engaging business associates. The Connecticut Department of Insurance has requirements for reporting breaches caused by vendors. And the Massachusetts Attorney General, through the Data Security Regulations, requires oversight of third-party service providers. This is no surprise, since many studies suggest that over a third of breaches are caused by vendors.

Continue reading…

On-Line HIPAA HITECH Breach at St Joseph Health System in California

A California health system is notifying about 30,000 patients that their personal health information was accessible via search engines for about a year.

St. Joseph Health System in Orange, Calif., says the records of patients treated at five of its hospitals were stored on the organization's internal computer network with incorrect security settings that left them open to inappropriate access. Because of that misconfiguration the information was reachable and indexable by search engines from early 2011 until this month, when the problem was discovered.

Continue reading…

HIPAA HITECH Data Breach: $1000 Per Patient?

With the new class action suit against UCLA for a HIPAA HITECH data breach, it seems that the standard has been set at $1,000 per patient.

Source: Yet Another Class-Action Filed After Breaches of Patient Data

Continue reading…

Law Firms Advising CEs to Monitor BAs for HIPAA HITECH Compliance

HIPAA: Stanford Hospital Data Security Breach May Trigger More Active Monitoring Of Business Associates By Covered Entities, by Robert Belfort and Emily Lee, Manatt, Phelps & Phillips, LLP, Health Lawyers Weekly, October 7, 2011, Vol. IX, Issue 39

Continue reading…

BA Tracker (tm) Keep BAs HIPAA HITECH Compliant

Compliance Helper is pleased to announce a new service called BA Tracker (tm) that helps a CE track the current compliance level of all of its BAs and display it through the Compliance Meter (tm). This is a free service to the CE. If a BA is not compliant, Compliance Helper can help it set up a comprehensive privacy and information security program, including customized policies, procedures, and forms. Each BA is supported by a privacy and security expert we call a Helper.

Continue reading…

HIPAA HITECH For Smarties: Free Webinars For Business Associates and Covered Entities

Continuing the series of webinars presented by Compliance Helper and Rebecca Herold & Associates, the June 22 session is for Business Associates and the June 29 session is for Small Covered Entities. The emphasis is on how cloud computing can enhance compliance by delivering the equivalent of on-site consulting for a fraction of the cost.

Continue reading…

HIPAA Risk Assessment Minus Remediation Equals Willful Neglect

If you do a risk assessment and do not remediate the risks identified, you have achieved a state of willful neglect, which subjects you to the highest penalties under the HITECH Act.

Continue reading…

After The HIPAA HITECH Breach: Another True Story

A 60 Minutes story about PHI left on the hard drive of a leased copier revealed a breach by Affinity Health Plan in New York. Here is their report on the aftermath: http://www.hcca-info.org/regional/2011/NYC/Cullencolor.pdf

Continue reading…

HIPAA HITECH Breach By Small Physician Practice: Actual Experience

A HIPAA HITECH breach caused by an office burglary resulted in a letter from OCR demanding a large amount of information in a very short time frame. We will show you actual quotes from the letter that are as scary as an IRS audit letter.

Continue reading…

Managing HIPAA HITECH Compliance of Your Business Associates

How should a Covered Entity manage its Business Associates? HIPAA requires "satisfactory assurances" that business associates are compliant (45 CFR § 164.308(b)). Under the NIST guidance for HIPAA Security Rule compliance, Covered Entities "May consider asking the business associate to conduct a risk assessment that addresses administrative, technical, and physical risks, if reasonable and appropriate." (NIST SP 800-66 Rev. 1, p. 48)

A free webinar on May 11 at 8:00 am PDT will demonstrate a unique method that is "reasonable and appropriate": https://www1.gotomeeting.com/register/226455856

Continue reading…