HIPAA Blog Posts: HIPAA Business Associates
The BA HIPAA HITECH Compliance Plan is reasonable in cost and effective for both covered entities and business associates.
"The HHS technically could claim 'willful neglect' if you don't actively ensure compliance with HIPAA HITECH"
Rebecca Herold, reporting from the front lines at IAPP, said that an attorney from Deloitte stated in a HIPAA HITECH session that "The HHS technically could claim willful neglect if you don't actively ensure BA compliance with HIPAA/HITECH." He qualified his statement by saying that this was still a topic for discussion in the healthcare legal community.
Slow Hospital Compliance with New Regulations Causing Increased Data Breaches & Medical Identity Theft
A national survey conducted by Identity Force found that the pandemic of data breaches and medical identity theft remains at critical levels throughout hospitals in the United States despite new regulations, including the HITECH Act, meant to protect the security of patients’ personal information.
§ 164.308 Administrative safeguards.
(b)(1) Standard: Business associate contracts and other arrangements. A covered entity, in accordance with §164.306, may permit a business associate to create, receive, maintain, or transmit electronic protected health information on the covered entity's behalf only if the covered entity obtains satisfactory assurances, in accordance with §164.314(a) that the business associate will appropriately safeguard the information.
Lauren Kovach, IBM Security Solutions, says make sure your business associates understand their HIPAA HITECH responsibilities.
HITECH Compliance: IBM's Lauren Kovach
April 15, 2010 - Howard Anderson, Managing Editor, HealthcareInfoSecurity.com.
Healthcare organizations need to take steps to ensure their business associates understand their requirements under the HITECH breach notification rule, says Lauren Kovach of IBM Security Services.
You have heard a lot of talk about the HIPAA HITECH problems, but here are the solutions to your four most urgent problems.
"Any entity that comes into possession of PHI (even temporarily or indirectly) in connection with the services it provides to other entities must ensure that it is acting in compliance with the requirements of HIPAA and the HITECH Act." The OCR delay in defining certain rules does not mean the HIPAA HITECH requirements have been delayed; they are effective now.
According to market research firm Javelin Strategy & Research, data theft and other fraudulent activities related to the exposure of EMR data more than doubled in 2009. There were more than 275,000 cases of theft of medical information in the United States in 2009. Javelin expects that incidents of fraud will continue to increase as more medical providers increase their use of EMR.
State Attorneys General will prosecute for HIPAA HITECH violations.
An insurance broker confided that their association had urged them to get started on compliance despite the lack of clarity about the business associate rules. The law is clear that they need policies and procedures, a privacy officer, and training for their staff.