HIPAA Blog Posts: HIPAA Business Associates

HIPAA Haggling with Business Associates Hospital CISO Describes Resistance on Omnibus Requirements by Marianne Kolbasuk McGee

 HIPAA Haggling with Business Associates, Hospital CISO Describes Resistance on Omnibus Requirements by Marianne Kolbasuk McGee, HealthcareinfoSecurity  Business Associates still in denial about meeting the new HIPAA requirements embodied in the Omnibus Rule.

 

Continue reading…

Tick, tock: less than 60 days to comply with HIPAA/HITECH updates Poyner Spruill LLP Tara N. Cho and Elizabeth H. Johnson

 Tick, tock: less than 60 days to comply with HIPAA/HITECH updates, Poyner Spruill LLP,Tara N. Cho and Elizabeth H. Johnson

Continue reading…

Are your HIPAA privacy policies up to date? Ogletree Deakins Stephanie Smithey

 Are your HIPAA privacy policies up to date?  Ogletree Deakins, Stephanie Smithey  "If you provide medical, dental, vision, wellness, employee assistance benefits, or if you sponsor a health reimbursement arrangement or a health flexible spending account plan, your HIPAA privacy compliance is likely out of date and should be reviewed immediately in light of the Omnibus Regulations."

Continue reading…

"Sixty days to HIPAA - HITECH: eight actions items to address now. 8, Establish Vendor Management Program"

"Sixty days to HIPAA - HITECH: eight actions items to address now, Nelson Mullins Riley & Scarborough LLP, Barry D. Alexander, Jason I. Epstein , Cynthia Bankhead Hutto, Eli A. Poliakoff, David F. Katz and Alexis Slagle Gilroy.  Action Item Number 8,  Establish Vendor Management Program..

Continue reading…

Are Compliant BAAs the Same as Compliant BAs?

 "Two months until the Omnibus Final Rule deadline: are your business associate agreements compliant?"  McGuireWoods LLP, Kimberly J. Kannensohn, Nathan A. Kottkamp and Holly Carnell.  My question would be are your business associates HIPAA HITECH compliant?

Continue reading…

Business Associate (BA) HIPAA Breach gets Wellpoint $1.4 Million Fine

" Whether systems upgrades are conducted by covered entities or their business associates, HHS expects organizations to have in place reasonable and appropriate technical, administrative and physical safeguards to protect the confidentiality, integrity and availability of electronic protected health information – especially information that is accessible over the Internet."   OS OCR PrivacyList, OCR (HHS/OS)

Continue reading…

Covered Entities Responsible Vicariously for HIPAA Violations by Their Business Associates

"It is important for covered entities to ensure that their business associate agreements are updated, and that business associates are adhering to the new requirements as the Final Rule makes clear that covered entities may be held liable vicariously for violations by business associates acting as agents."  Sherman & Howard LLC

Continue reading…

Business Associate (BA) Causes 188,000 HIPAA Patient Data Breach

"Officials announced July 1 that the HIPAA breach, which resulted in clients receiving personal and private documents belonging to other clients, occurred after FSSA contractor RCR Technology Corporation made a computer programming error to a document management system the company supports for FSSA. This error caused documents being sent to clients to be duplicated and also inserted with documents sent to other client

Continue reading…

Business Associate (BA) Causes 188,000 HIPAA Patient Data Breach

"Officials announced July 1 that the HIPAA breach, which resulted in clients receiving personal and private documents belonging to other clients, occurred after FSSA contractor RCR Technology Corporation made a computer programming error to a document management system the company supports for FSSA. This error caused documents being sent to clients to be duplicated and also inserted with documents sent to other client

Continue reading…

HIPAA HITECH: Know how your PHI is Handled

 “Under data privacy laws such as HIPAA/HITECH, a company is responsible for how data is handled in the hands of its business associates and vendors,” explain the authors. “An organization must know where all of its data is going and how it is being managed, particularly if it goes to a third party.”  2013 IT Security and Privacy Survey

Knowing How – and Where – Your Confidential Data Is Classified and Managed: A Survey on the Current State of IT Security and Privacy Policies and Practices.  http://www.protiviti.com/ITsecuritysurvey

Continue reading…