HIPAA Blog Posts: HIPAA Business Associates

HIPAA in the cloud: storing PHI may make you a business associate under HIPAA Winston & Strawn LLP Linda Lemel Hoseman and Liisa M. Thomas

 HIPAA in the cloud: storing PHI may make you a business associate under HIPAA, Winston & Strawn LLP Linda Lemel Hoseman and Liisa M. Thomas

Continue reading…

Certified HIPAA Business Associate? Maybe

 "Now that HHS and Amazon are working together, covered entities should find CSPs more receptive to entering into business associate agreements."Business associate agreements: more readily accepted by cloud service providers? Maybe  Baker & Hostetler LLP, Lynn Sessions and Michael R. Young

Continue reading…

Think you’re not covered by HIPAA? Think again. Morrison & Foerster LLP Andrew B. Serwin , Peter F. McLaughlin and Melissa M. Crespo

 "This means that the Security Rule, the Breach Notification Rule, and certain provisions of the Privacy Rule now apply directly to Business Associates, with the potential for enforcement by HHS directly against the Business Associate. As a result, Business Associates are now required to conduct a risk analysis to assess the nature and volume of electronic PHI ("ePHI") and the risks of unauthorized use or disclosure of PHI. They must implement administrative, technical, and physical safeguards appropriate to the risks and vulnerabilities identified in the risk analysis." 

Continue reading…

Are Your Vendors Violating HIPAA?

 Are Your Vendors Violating HIPAA? Why Internal HIPAA Compliance May Not Be Enough  Written by Holly Carnell, JD, and Meggan Bushee, JD, McGuire Woods | June 04, 2013. Beckers Hospital Review.

 

 

Continue reading…

HIPAA Checklist From Healthcare Law Firm

 "Perform ongoing monitoring of compliance with HIPAA privacy and security policies and take corrective actions if you detect non-compliance or ineffective processes."  OCR Scrutiny Continues – Are You Ready For the September Deadline?

Continue reading…

HIPAA Risk Analysis and Ongoing Risk Management Essential

   “[A] risk analysis, ongoing risk management, and routine information system reviews are the cornerstones of an effective HIPAA security compliance program.” HHS OCR Director Leon Rodriguez

Continue reading…

BA Causes HIPAA Data Breach for Presbyterian Anesthesia Associates

 More details from Presbyterian Anesthesia Associates breach, Kyle Murphy, PhD   |   Date May 15, 2013

"As the Security Breach Reporting Form reveals, the breach occurred on a server used by E-Dreamz, Inc., the Charlotte-based company hired by Presbyterian Anesthesia Associates to operate and maintain its e-commerce service. The medical practice has subsequently switched to a new service provider in the wake of the incidence."

Continue reading…

Fallout from failing to conduct a HIPAA risk analysis, Epstein Becker Green, Alaap B. Shah

 Fallout from failing to conduct a HIPAA risk analysis, Epstein Becker Green, Alaap B. Shah

"There are many reasons a healthcare entity dealing with protected health information (“PHI”) should conduct a risk analysis. First and foremost, if conducted properly, a risk analysis should identify PHI-containing systems, assess vulnerabilities of those systems, evaluate and prioritize risks to those systems, and assist in developing mitigation strategies to safeguard the systems. These on-going efforts can help ensure adequate protection of patients’ health information.

Continue reading…

Business Associates are now required to do a HIPAA risk assessment and remediate the risk.

Key compliance actions for the new HIPAA privacy regulations, Epstein Becker Green, Leah A. Roffman, Pamela D. Tyner and Patricia M. Wagner
"In order to meet their responsibilities, business associates are now required to perform risk analyses. Such risk analyses must be accurate and thorough assessments of potential risks and vulnerabilities to the confidentiality, integrity, and availability of the electronic PHI that the business associate creates, receives, maintains, or transmits. The Security Rule also compels corrective actions to minimize any identified risks and vulnerabilities."

Continue reading…

What your business needs to do about HIPAA—now Venable LLP Thora A. Johnson , Peter P. Parvis, Jennifer Spiegel Berman , Molly E. G. Ferraioli and Jessica E. Kuester

What your business needs to do about HIPAA—now,  Venable LLP, Thora A. Johnson , Peter P. Parvis, Jennifer Spiegel Berman , Molly E. G. Ferraioli and Jessica E. Kuester

 

Continue reading…