HIPAA Blog Posts: HIPAA Business Associates

Ransomware Attack is a HIPAA Breach

A ransomware attack can trigger a series of bad events leading to a huge HIPAA fine. The slippery slope: a ransomware attack is a HIPAA breach; when reported, it triggers an audit; the audit discovers the lack of an up-to-date risk assessment; and that leads to a fine for willful neglect.

No HIPAA Risk Assessment? $400,000 Fine

Metro Community Provider Network received a $400,000 fine and a corrective action plan for failing to do a risk assessment prior to a phishing incident that exposed 3200 employee files. Doing the risk assessment a month after the breach didn't help.

The HIPAAssure® NIST Framework vs HITRUST

Compliance Helper offers the NIST framework at a fraction of the cost of HITRUST. Assure compliance with HIPAAssure®, built on the NIST framework, delivered as SaaS, and using the Helper methodology to reduce cost.

HIPAA Risk Assessment: Get Out Of Jail Free Card

An up-to-date HIPAA risk assessment is the one single proof of HIPAA compliance that can prevent huge fines and possible jail time. No matter what else you have done, if you don't have an official (NIST) and up-to-date (at least annual) HIPAA risk assessment, you are probably in willful neglect.

Got PHI in The Cloud?: Get HIPAA Compliant!

HHS issued new guidelines for covered entities and business associates who use cloud computing to create, maintain, store, transfer, or process PHI. In a nutshell, every entity involved in the process must be HIPAA compliant, even if the data is encrypted.

OCR Steps Up Investigation of Smaller HIPAA Breaches

"Beginning this month, OCR, through the continuing hard work of its Regional Offices, (my emphasis) has begun an initiative to more widely investigate the root causes of breaches affecting fewer than 500 individuals." OCR-Announcement-8-18-16.pdf

Business Associate Exposes 650,000 Patient Records

In a breach reminiscent of the Anthem HIPAA breach, a business associate left 650,000 patient records exposed on the Internet. R-C Healthcare Management, a business associate of Bon Secours, was adjusting its network settings and left the patient records exposed from April 18 through April 21.

HIPAA Audits and Penalties for Business Associates

Huge fines and audits are the signal that HIPAA compliance is entering a new era for business associates. A $650,000 fine was assessed against a business associate that lost an unencrypted, non-password-protected iPhone, and the audit letters are on their way.

No BA Agreement: $750,000 Fine

An orthopedic clinic failed to get a BA agreement before sharing PHI with a business associate and got a $750,000 fine. Jocelyn Samuels, director of OCR, said in the statement: "It is critical for entities to know to whom they are handing PHI and to obtain assurances that the information will be protected."

Ransomware is a HIPAA Breach

A recent article in Health IT Security made the point that criminal control of PHI is a HIPAA breach, and that is exactly what occurs in a ransomware attack. Here is the full article:

http://healthitsecurity.com/news/why-healthcare-ransomware-attacks-are-hipaa-data-breaches