HIPAA Blog Posts: HIPAA Business Associates
"PHI warnings" in communications -- a potential source of unintended security breach? Fox Rothschild LLP
"Finally, if PHI is sent to a recipient prior to the parties’ execution of a compliant BAA and implementation of policies and procedures to protect PHI properly, a PHI Warning is unlikely to mitigate the liability of the sender (or recipient) for a security breach under HIPAA/HITECH."
The Ponemon Institute’s 2009 study of data breach costs indicates that 42 percent of the breach incidents studied were caused by third-party mistakes, and the involvement of those third parties increased the cost of the breaches by 12 percent.
You don't have to have a patient data breach to be guilty of HIPAA violations. If you don't have a compliant privacy and security program in place today you are probably already in breach of HIPAA rules.
With a personal Helper answering your questions, an investment of 2 hours a week, and at a cost under $500 per year, your small (1-5 employees) company can be on the path to HIPAA HITECH compliance.
An analysis of HHS information finds the biggest security leaks come from stolen laptops and removable memory technology. The take-home message: Keep devices locked up. By Pamela Lewis Dolan, amednews staff. Posted Sept. 3, 2010.
Four Massachusetts community hospitals are investigating how thousands of patient health records, some containing Social Security numbers and sensitive medical diagnoses, ended up in a pile at a public dump. The unshredded records included pathology reports with patients’ names, addresses, and results of breast, bone, and skin cancer tests, as well as the results of lab work following miscarriages. By Liz Kowalczyk Globe Staff / August 13, 2010
"Holding a business associate contractually liable, not only for improper uses and disclosures of PHI, but also for compliance with all other requirements of the Privacy Rule that pertain to the performance of the business associate's contract" Reinhart Boerner Van Deuren SC
44% of CIOs say Business Associates Not Ready for "Meaningful Use": Pricewaterhouse Coopers Study Shows
44% of CIOs say they are concerned that the external vendors they rely on in health information exchanges are not prepared for meaningful use implementation according to a survey done by Pricewaterhouse Coopers.
Business Associates Liable for Breach of Their Business Associate Agreements, Effective February 17, 2010
Consequently, effective Feb. 18, 2010, the HITECH Act makes business associates both contractually liable to a covered entity for breach of the business associate agreement with the covered entity and civilly and criminally liable to the government for violations of those Security Rule requirements and the Privacy Rule's business associate agreement requirements.
OCR Issues Proposed Modifications to HIPAA Privacy and Security Rules