Business Associates Need HIPAA HITECH Compliant Policies and Procedures, Now
" Covered entities and business associates should consider finalizing any updates to their privacy and security policies, procedures, safeguards and documentation, and revisit these later in the year for any adjustments needed when the final HITECH Act regulations are published." Final HITECH act regulations will be published in 2012, Baker & Hostetler LLP, John S. Mulhollan, January 19 2012
Minnesota Attorney General Sues Business Associate for HIPAA HITECH Data Breach
The consulting firm that lost a laptop computer with medical data on 23,500 Minnesotans last summer has been sued by Minnesota Attorney General Lori Swanson, who says it violated health privacy laws and state consumer protections. Minnesota Star Tribune
http://www.startribune.com/local/137678533.html?source=error
HIPAA HITECH Data Breach Costs Small Business Associate $300,000
The Massachusetts eHealth Collaborative, a non-profit consultancy that experienced a health information breach, learned eight important lessons from the experience, says CEO Micky Tripathi. Tripathi spelled out in a recent blog the details of the organization's breach, which involved the theft of an unencrypted laptop from an employee's car. The breach, which affected about 1,000 patients of the collaborative's physician group practice clients, cost almost $300,000 to resolve.
HIPAA HITECH In Effect for Business Associates: Since February 2010
Business associates, in particular, need to be aware that the HITECH Act's imposition of specific technical, administrative and physical safeguards onto their operations became effective in early 2010, one year after the HITECH Act was enacted: HITECH Act's changes to privacy and security regulations: key dates for covered entities and business associates, Baker & Hostetler LLP, John S. Mulhollan, December 13 2011
HIPAA HITECH Data Breach Costs Small Business Associate $300,000
"One afternoon last spring, Micky Tripathi received a panicked call from an employee. Someone had broken into his car and stolen his briefcase and company laptop along with it. So began a nightmare that cost Mr. Tripathi’s small nonprofit health consultancy nearly $300,000 in legal, private investigation, credit monitoring and media consultancy fees. Not to mention 600 hours dealing with the fallout and the intangible cost of repairing the reputational damage that followed." Digital Data on Patients Raises Risk of Breaches
Nearly Half of HIPAA HITECH Data Breaches Caused By Business Associates (BA)
3 of the 6 List HIPAA HITECH Breaches (50%) that affected 1,000,000 or more individuals reportedly involved BAs of the reporting CEs and 13 of the 29 List Breaches (44.8%) that affected between 30,000 and 999,999 individuals reportedly involved BAs of the reporting CEs.
Third Parties (BAs) Second Leading Cause of HIPAA HITECH Data Breach: Ponemon Institute 2d Annual Study
Third parties, i.e., business associates, are the second leading cause of HIPAA HITECH data breaches, and the percentage has increased from 34% in 2010 to 46% in 2011. Astoundingly, the percentage of CEs that even have BA agreements in place has shrunk from 66% to 56%.
BAs Must Provide Proof of HIPAA HITECH Compliance: Hennepin County Medical Center privacy officer Kari Myrold
Hennepin County Medical Center has beefed up its agreements with business associates in light of the high number of breaches across the nation that have involved vendors. For example, the hospital requires business associates to strictly limit who has access to patient data as well as provide evidence of the results of an audit of their security procedures.
Monitor Business Associate's HIPAA HITECH Compliance: Security specialist Tom Walsh, president of Tom Walsh Consulting
Carefully monitor business associates. "A signed business associate agreement is probably not enough," security specialist Tom Walsh, president of Tom Walsh Consulting, says. "Obtain reasonable assurances through a checklist of security questions, require some type of certification or have an independent audit conducted to validate their security safeguards and controls. Build it into their contract."
