44% of CIOs say Business Associates Not Ready for "Meaningful Use": Pricewaterhouse Coopers Study Shows
44% of CIOs say they are concerned that the external vendors they rely on in health information exchanges are not prepared for meaningful use implementation, according to a survey done by Pricewaterhouse Coopers.
Business Associates Liable for Breach of Their Business Associate Agreements, Effective February 17, 2010
Consequently, effective Feb. 18, 2010, the HITECH Act makes business associates both contractually liable to a covered entity for breach of the business associate agreement with the covered entity and civilly and criminally liable to the government for violations of those Security Rule requirements and the Privacy Rule's business associate agreement requirements.
OCR Issues Proposed Modifications to HIPAA Privacy and Security Rules
Do Not Breach Business Associate Agreements: Ford & Harrison LLP, Daniel Sulton
"Also the parties to a business associate agreement must include provisions in the agreement requiring the business associate to take reasonable steps to cure any material breach or violation of the business associate agreement between the business associate and a subcontractor, or terminate the contract." Ford & Harrison LLP, Daniel Sulton
Healthcare Leads in Data Breaches: Transparency Needed
Of the 385 organizations hit with data breaches so far this year, 113 were in health care, according to the Identity Theft Resource Center's report for July 28. Just 39 breaches have been reported in banking and finance according to the ITRC. Experts cite a lack of compliance and improper data access by insiders as culprits.
"My Credit Card is Being Used Fraudulently after Anthem Blue Cross HIPAA Data Breach"
"Three days ago, my credit card number was used fraudulently. Today I received a letter from Anthem telling me a breach had occurred, leaking my social security number, name & credit card number."
No HIPAA Compliant Policies and Procedures Means "Willful Neglect"
Legal Review of New HIPAA HITECH Rules: Foley & Lardner
HHS releases proposed HITECH rule
Foley & Lardner LLP
On July 14, 2010, the Office for Civil Rights of the Department of Health and Human Services (HHS) published a Notice of Proposed Rulemaking (Proposed Rule) that proposes significant changes to the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security and Enforcement Rules.
Vendors: Can You Prove Your HIPAA HITECH Compliance?
"Vendors seeking to court healthcare clients will now need to pitch not only functionality but a compliance message as well." Report From the Trenches: Health IT Post-HITECH By Ed Moyle TechNewsWorld 07/20/10 5:00 AM PT
Top Privacy and Security Experts Agree: Business Associates Must Comply with HIPAA HITECH
"The rule makes it much clearer that the covered entities' responsibilities must go far beyond just having a business associate agreement," Rebecca Herold stresses. Instead, hospitals, clinics and others must work closely with their business partners to make sure they're carefully following the HIPAA privacy and security rules, she adds.
Signed a Business Associate Agreement? Get Compliant, Says HHS
"For those business associates that have not already adopted HIPAA-compliant privacy and security standards for PHI, the risk of criminal and/or civil monetary penalties may spur them to increase their efforts to comply with privacy and security standards." Page 164 NPRM
HHS Expects Business Associates to be Compliant, Now!
This NPRM from HHS contains serious warnings to business associates that HHS expects them to be HIPAA HITECH compliant with their business associate agreements now, and that if they are not, they should get started immediately.
NPRM (Notice Of Proposed Rule Making) Conference Call July 8: Not Much New
A 234-page NPRM document was released into the Federal Register, which I will wait for the experts to analyze.
Health Net Settles with Connecticut AG: Up to $750,000
Connecticut has settled a lawsuit with an insurance company involving a massive security breach that compromised financial and medical records for half-a-million state residents. Health Net still has to deal with OCR to determine further fines and penalties.
Failing to Train Business Associates on HIPAA Can be Described as Willful Neglect, Amy Leopard, Walter & Haverfield LLP
"Willful neglect generally can be described as knowing HIPAA rules but not properly training employees -- and now, business associates -- in them." Amy Leopard, a partner at the Cleveland law firm Walter & Haverfield LLP
Siemens to FedEx to Lincoln: Oops 130,495 Patient Records Breached by Two Business Associates.
Siemens to FedEx to Lincoln will never replace Tinkers to Evers to Chance, the famous baseball double play trio, since they dropped the ball, in fact 130,495 balls. Once again we have business associates causing a big breach.
Data Breach in October 2009 Caused by Third Party Vendor States Anthem Blue Cross on June 25, 2010
"Anthem officials said its corporate website had been revamped in October by a third-party vendor that, according to the health insurer, failed to secure sections of the site to ensure visitors couldn't access members' medical records and Social Security numbers." from a blog by Larry Barrett to eplanetsecurity, June 25, 2010
Business Associate (BA) Causes HIPAA HITECH Breach of Over 200,000 at Anthem Blue Cross
As we have been saying for months, your business associates (BA) represent the highest risk to your PHI, and just having a BA agreement in place isn't going to protect you in the event of a breach.
HIPAA HITECH Breach Prevention on Hold, Breach Notification in Force, Does this Make Sense?
In the same announcement that stated that enforcement of HIPAA HITECH, and particularly sections relating to business associate liability, were delayed, it was announced that breach notification was being enforced. Isn't this the cart before the horse?
HIPAA-related HITECH regulations on July 8, "Lucy" and the football redux.
Lucy is telling all of us Charlie Browns that the HITECH regulations will be delivered by July 8th, hah!
Data Breach of 200,000 by Anthem Blue Cross
Another entrant on OCR's Wall of Shame as Anthem Blue Cross of Orange County California breaches 200,000 records.
HIPAA HITECH Regulations on June 26th, Rumor Says
HIPAA HITECH regulations to be released on June 26th. Another trial balloon, or is this the real thing this time?
Copier Security Webinar June 11th: CBS Evening News Report
Securing your copiers now and into the future is critical and Digital Copier Security and Compliance Helper will show you how.
OCR to Focus on Risk Mitigation, Who's In Charge?
Who is in charge of risk mitigation is an important question to ask, as the operators of the Deepwater Horizon found out.
Business Associates Waiting for HIPAA HITECH Clarification from HHS
Business Associates are avoiding HIPAA HITECH compliance due to HHS announcing "delay in enforcement".
Meaningful Use, "Folks are realizing they have to move ahead," states Dr. Lori Heim (AAFP)
HIPAA risk assessment is required to qualify for "meaningful use", so moving ahead should include risk assessment.
Proactive HIPAA HITECH Audits Coming Soon to Your Neighborhood
In the past, HIPAA audits have been reactive or, truthfully, inactive, but OCR says it will be contracting for proactive audits by the end of the year.
Copier Security Webinar: CBS Evening News Report Stirs Congressional Action
CBS Evening News aired its second episode on the hidden problem of copier security, and now Compliance Helper and Copier Security experts are presenting a Webinar on solutions.
Get Business Associates (BA) HIPAA HITECH compliant for $100
The HIPAA HITECH Compliance Cooperative (CO-OP) can get BA compliant for $125 and keep them compliant for $35 per month
HIPAA HITECH Data Breach by a business associate of a business associate
What happens when a business associate of a business associate has a data breach? The covered entity (CE) and the two BAs all get to appear in the news and on the OCR Wall of Shame.