HIPAA Blog Posts: HIPAA Business Associates
HIPAA in the cloud: storing PHI may make you a business associate under HIPAA, Winston & Strawn LLP, Linda Lemel Hoseman and Liisa M. Thomas
"Now that HHS and Amazon are working together, covered entities should find CSPs more receptive to entering into business associate agreements."
Business associate agreements: more readily accepted by cloud service providers? Maybe, Baker & Hostetler LLP, Lynn Sessions and Michael R. Young
Think you’re not covered by HIPAA? Think again. Morrison & Foerster LLP, Andrew B. Serwin, Peter F. McLaughlin and Melissa M. Crespo
"This means that the Security Rule, the Breach Notification Rule, and certain provisions of the Privacy Rule now apply directly to Business Associates, with the potential for enforcement by HHS directly against the Business Associate. As a result, Business Associates are now required to conduct a risk analysis to assess the nature and volume of electronic PHI ("ePHI") and the risks of unauthorized use or disclosure of PHI. They must implement administrative, technical, and physical safeguards appropriate to the risks and vulnerabilities identified in the risk analysis."
Are Your Vendors Violating HIPAA? Why Internal HIPAA Compliance May Not Be Enough. Written by Holly Carnell, JD, and Meggan Bushee, JD, McGuire Woods | June 04, 2013. Becker's Hospital Review.
"Perform ongoing monitoring of compliance with HIPAA privacy and security policies and take corrective actions if you detect non-compliance or ineffective processes."
OCR Scrutiny Continues – Are You Ready For the September Deadline?
“[A] risk analysis, ongoing risk management, and routine information system reviews are the cornerstones of an effective HIPAA security compliance program.” HHS OCR Director Leon Rodriguez
More details from Presbyterian Anesthesia Associates breach, Kyle Murphy, PhD | May 15, 2013
"As the Security Breach Reporting Form reveals, the breach occurred on a server used by E-Dreamz, Inc., the Charlotte-based company hired by Presbyterian Anesthesia Associates to operate and maintain its e-commerce service. The medical practice has subsequently switched to a new service provider in the wake of the incidence."
Fallout from failing to conduct a HIPAA risk analysis, Epstein Becker Green, Alaap B. Shah
"There are many reasons a healthcare entity dealing with protected health information (“PHI”) should conduct a risk analysis. First and foremost, if conducted properly, a risk analysis should identify PHI-containing systems, assess vulnerabilities of those systems, evaluate and prioritize risks to those systems, and assist in developing mitigation strategies to safeguard the systems. These on-going efforts can help ensure adequate protection of patients’ health information."
What your business needs to do about HIPAA—now, Venable LLP, Thora A. Johnson, Peter P. Parvis, Jennifer Spiegel Berman, Molly E. G. Ferraioli and Jessica E. Kuester