HIPAA Blog Posts: HIPAA Covered Entity
"Anthem officials said its corporate website had been revamped in October by a third-party vendor that, according to the health insurer, failed to secure sections of the site to ensure visitors couldn't access members' medical records and Social Security numbers." from a blog by Larry Barrett to eplanetsecurity, June 25, 2010
As we have been saying for months your business associates (BA) represent the highest risk to your PHI and just having a BA agreement in place isn't going to protect you in the event of a breach.
In the same announcement that stated that enforcement of HIPAA HITECH and particularly sections relating to business associate liablity were delayed, it was announced that breach notification was being enforced. Isn't this the cart before the horse?
Lucy is telling all of us Charlie Browns that the HITECH regulations will be delivered by July 8th, hah!
Another entrant on OCR's Wall of Shame as Anthem Blue Cross of Orange County California breaches 200,000 records.
HIPAA HITECH regulations to be released on June 26th. Another trial ballon or is this the real thing this time?
Who is in charge of risk mitigation is an important question to ask, as the operators of the Deepwater Horizon found out.
Business Associates are avoiding HIPAA HITECH compliance due to HHS announcing "delay in enforcement".
In the past HIPAA audits have been reactive or truthfully unactive, but OCR says they will be contracting for proactive audits by the end of the year.