HIPAA HITECH Compliance Blog Archive

Business Associates are now required to do a HIPAA risk assessment and remediate the risk.

Key compliance actions for the new HIPAA privacy regulations, Epstein Becker Green, Leah A. Roffman, Pamela D. Tyner and Patricia M. Wagner
"In order to meet their responsibilities, business associates are now required to perform risk analyses. Such risk analyses must be accurate and thorough assessments of potential risks and vulnerabilities to the confidentiality, integrity, and availability of the electronic PHI that the business associate creates, receives, maintains, or transmits. The Security Rule also compels corrective actions to minimize any identified risks and vulnerabilities."

What your business needs to do about HIPAA—now, Venable LLP, Thora A. Johnson, Peter P. Parvis, Jennifer Spiegel Berman, Molly E. G. Ferraioli and Jessica E. Kuester

Get Set: New HIPAA has Teeth

 

“Providers should identify all of their vendors with access to personal health records and ensure they are protecting it according to the new HIPAA rule.” Jorge Rey, an associate principal and the director of information security and compliance for Kaufman, Rossin

HIPAA HITECH Business Associate Agreements

Business Associate agreements must contain provisions for compliance with the Security Rule and probably the Privacy Rule as well, and they must require that the business associate have BAAs with their subcontractors, says Drinker Biddle & Reath LLP in an article titled "Business associate provisions under HIPAA Omnibus Rule."

CEs: Make Sure Your Business Associates Are HIPAA Compliant

 

"New HIPAA rule will bring more enforcement action, expert says" (Diana Manos, Senior Editor for Healthcare IT News): “Providers should identify all of their vendors with access to personal health records and ensure they are protecting it according to the new HIPAA rule.” Jorge Rey, an associate principal and the director of information security and compliance for Kaufman, Rossin

Employee Benefit Plans Need to Check Business Associate HIPAA Compliance

Plan sponsors should note that the Omnibus Rule expands the definition of business associate and those parties subject to HIPAA’s Privacy and Security Rules and applies HIPAA’s civil and criminal penalties directly to business associates. Under the Omnibus Rule, business associates, including subcontractors of business associates, are directly liable for compliance with the Privacy and Security Rules if they create, receive, maintain or transmit PHI on behalf of the company or the plan. Such business associates for group health plans may include: brokers; consultants; attorneys; third-party administrators; and health information organizations, e-prescribing gateways and other entities that transmit protected health information or access PHI.

Business Associate HIPAA Compliance

"Of greatest significance to Business Associates is the requirement to implement administrative, physical, and technical safeguards to comply with the HIPAA Security Regulations as if they were Covered Entities." Business associate HIPAA compliance, Lathrop & Gage LLP, Stacy N. Harper 

BA Tracker Helps Covered Entities and Business Associates with HIPAA HITECH Compliance

Covered entities need "satisfactory assurances" that their business associates are HIPAA HITECH compliant, and business associates need to be able to provide proof of ongoing compliance. BA Tracker helps both.

Business Associate Size Matters for HIPAA HITECH

HIPAA allows the Business Associate to take into account their size and complexity when deciding how to comply with the Security Rule.

"For instance, in deciding which security measures to implement, a BA may take into consideration its size, capabilities, the costs of the specific security measures, and the operational impact. BAs should note that as part of their compliance with the administrative safeguards, BAs must perform their own risk analyses, establish a risk management program, and designate a security officer, as well as have in place written policies and procedures, conduct employee training, and document compliance with the requirements." "Changes affecting who is a business associate and new business associate obligations," Polsinelli Shughart PC, Thomas P. O'Donnell, Erin Fleming Dunlap, Rebecca L. Frigy and Matthew J. Murer

CEs: Beware Your Business Associates

The owners of a medical billing practice, a business associate, and four pathology groups, covered entities whose patient information was all improperly disposed of, will collectively pay $140,000 to settle the claims. The settlement agreement requires each pathology group to vet all business associates, ensuring they have a written information security plan and that the practices described are sufficient to comply with the groups’ obligations to protect personal information and PHI. The groups must also execute business associate agreements before disclosing any PI or PHI to service providers.

HIPAA Business Associates: Waiting Is No Longer An Option, Vorys Sater Seymour and Pease LLP J. Liam Gruzs

HIPAA business associates who have not been paying attention since HITECH need to take notice. The timeframe for compliance is less than nine months. For those business associates who had been hoping for relief in the Final Rule (or simply have had their head in the sand for four years), waiting is no longer an option. "HIPAA final rule clarifies business associate obligations," Vorys Sater Seymour and Pease LLP, J. Liam Gruzs, January 28, 2013

Business Associates Need Proof of HIPAA HITECH Compliance

"Potential liability concerns and fear of being held responsible for a subcontractor’s mistakes in a breach will be enough to change the BAA decision-making process for healthcare organizations", according to Dianne Bourque, partner at Mintz Levin and HIPAA expert.

Small Firms: Big HIPAA Troubles

Small Firms, Big HIPAA Troubles? Business Associates Need to Get Serious About Security, By Marianne Kolbasuk McGee, January 29, 2013. This is a very forthright and timely call to action for not only business associates, but also their covered entities. Fortunately there are cost-effective and efficient solutions for both. With the SaaS model, templates of needed policies, procedures, and forms can be accessed and edited in a step-by-step process overseen by a privacy and security expert. The compliance activities are then measured and delivered through the Compliance Meter(tm), allowing the covered entity to monitor the ongoing compliance of their business associates.

Here is the link to the article:

http://www.healthcareinfosecurity.com/blogs/small-firms-big-hipaa-troubles-p-1412/p-2

The Final Rule on HIPAA HITECH is here!

Almost 4 years after the passing of the HITECH Act amending and broadening HIPAA, we finally have The Final Rule. It goes into effect on March 25, and all business associates and their subs must be HIPAA HITECH compliant by September 25, 2013. HHS estimates 200,000 to 400,000 business associates must get compliant in this timeframe. It should be interesting.

HIPAA Business Associate Data Breach

HIPAA business associate Omnicell causes data breach of over 68,000 patient records. The recurring theme of the theft of an unencrypted laptop from an employee's car demonstrates the lack of HIPAA compliance at many business associates. Covered entities are being warned that they must monitor the HIPAA compliance levels of their business associates.

2013 HIPAA HITECH Year of Reckoning for Business Associates.

The Supremes have spoken, the voters have spoken, and soon HHS and OMB will speak. The message is that Obamacare, HIPAA HITECH, Meaningful Use, and the Omnibus Bill are here to stay and that business associates and subcontractors will have to get HIPAA compliant in 2013.

Omnibus Package will address Business Associate HIPAA Compliance

 

Some observers expect that publication will happen soon now that the election is over. "I am cautiously optimistic for publication in December," says Adam Greene, a former OCR official who now is a partner at the law firm Davis Wright Tremaine.
"The opportunity to revisit business associate agreements will provide health care organizations an opportunity to revisit and improve their management of vendor privacy and security, which has proven to be a real weak link for many organizations," he says.

Election Over: Time for HIPAA HITECH Rules

Now that SCOTUS and POTUS have been settled, it is time for healthcare to get serious about HIPAA HITECH compliance. There are no more plausible reasons to put off publishing the rules. For the people in denial, their white knight will not appear to sweep away ACA or HITECH.

Smart Business Associates Getting HIPAA HITECH Compliant, Now!

 There is a marketing advantage for a business associate who can prove HIPAA HITECH compliance, now.  Scores have signed up for our SaaS services and many display our Compliance Meter (tm) on their website.  Some came to us because a covered entity required proof of HIPAA HITECH compliance while others made a pre-emptive move to gain a marketing advantage.

HIPAA's Unanswered Questions: Kirk J. Nahra September 2012 | Privacy In Focus

Another month goes by without the publication of the final Health Insurance Portability and Accountability/Health Information Technology for Economic and Clinical Health (HIPAA/HITECH) rules. It’s now been three and a half years since the HITECH statute was passed and more than two years since the proposed HITECH rules were published in July of 2010. And there’s no clear end in sight to this delay.
