HIPAA Blog Posts: HIPAA Business Associates
The $4 million settlement of a class action lawsuit filed under California law, not HIPAA, was announced by Los Angeles County Superior Court Judge Elihu Berle. The breach was caused when Stanford handed over encrypted data to Multi-Specialty Collection Services, which ended up posted on a student website where it was available to the public for over a year.
A class action lawsuit has been filed against Los Angeles County and a vendor that handles patient billing and payment collections for the county's departments of health services and public health, in the wake of a breach last month affecting 168,500 individuals. The breach was the result of a Feb. 5 theft of eight unencrypted desktop computers from the Torrance, Calif. office of Sutherland Healthcare Services, the billing and collections business. Class Action Suit Filed in L.A. Breach, Seeking Damages in Wake of Computer Theft Incident, by Marianne Kolbasuk McGee, March 19, 2014.
Law firm recommends that covered entities and business associates "investigate subcontractors' data protection practices, including by way of reviewing third party audit reports and written data security policies where available". Interestingly, this is not yet a HIPAA issue but an FTC one, despite the fact that it is a healthcare transcription company that caused the breach.
The HIPAA Omnibus Rule has created a new dialogue about HIPAA business associate agreements. Business associates need to be very careful about signing business associate agreements, as covered entities and business associates are trying to shift liability to their business associates or subcontractors.
HHS will be starting HIPAA business associate audits in 2014, but the most likely source of an audit is a covered entity or business associate seeking "satisfactory assurances that you are HIPAA compliant."
The HIPAA Omnibus Rule has changed the requirements for insurance producers and Compliance Helper has responded with a special program to help them get compliant, stay compliant, and prove compliance with our Compliance Meter(tm).
September 23, 2013 was the deadline for all health insurance producers to be HIPAA compliant. A new tool from Compliance Helper helps them get compliant, stay compliant, and prove compliance for only $99 setup and $35 per month.
First there was HIPAA, then HITECH, now Omnibus: what is a business associate supposed to do? Well, since 60% of business associates surveyed had never heard of the Omnibus Rule, getting educated is critical.
What Next with HIPAA Omnibus? David Finn of Symantec on Top Compliance Challenges: "It's going to be imperative that covered entities monitor and know what the business associates are doing, but they're not going to realistically be able to do that themselves."