HIPAA HITECH Compliance Blog Archive

HIPAA Checklist From Healthcare Law Firm

"Perform ongoing monitoring of compliance with HIPAA privacy and security policies and take corrective actions if you detect non-compliance or ineffective processes."

OCR Scrutiny Continues – Are You Ready For the September Deadline?

Continue reading…

HIPAA Risk Analysis and Ongoing Risk Management Essential

   “[A] risk analysis, ongoing risk management, and routine information system reviews are the cornerstones of an effective HIPAA security compliance program.” HHS OCR Director Leon Rodriguez

Continue reading…

BA Causes HIPAA Data Breach for Presbyterian Anesthesia Associates

More details from Presbyterian Anesthesia Associates breach, Kyle Murphy, PhD | May 15, 2013

"As the Security Breach Reporting Form reveals, the breach occurred on a server used by E-Dreamz, Inc., the Charlotte-based company hired by Presbyterian Anesthesia Associates to operate and maintain its e-commerce service. The medical practice has subsequently switched to a new service provider in the wake of the incident."

Continue reading…

Fallout from failing to conduct a HIPAA risk analysis, Epstein Becker Green, Alaap B. Shah

"There are many reasons a healthcare entity dealing with protected health information (“PHI”) should conduct a risk analysis. First and foremost, if conducted properly, a risk analysis should identify PHI-containing systems, assess vulnerabilities of those systems, evaluate and prioritize risks to those systems, and assist in developing mitigation strategies to safeguard the systems. These on-going efforts can help ensure adequate protection of patients’ health information."

Continue reading…

Business Associates are now required to do a HIPAA risk assessment and remediate the risk.

Key compliance actions for the new HIPAA privacy regulations, Epstein Becker Green, Leah A. Roffman, Pamela D. Tyner and Patricia M. Wagner

"In order to meet their responsibilities, business associates are now required to perform risk analyses. Such risk analyses must be accurate and thorough assessments of potential risks and vulnerabilities to the confidentiality, integrity, and availability of the electronic PHI that the business associate creates, receives, maintains, or transmits. The Security Rule also compels corrective actions to minimize any identified risks and vulnerabilities."

Continue reading…

What your business needs to do about HIPAA—now, Venable LLP, Thora A. Johnson, Peter P. Parvis, Jennifer Spiegel Berman, Molly E. G. Ferraioli and Jessica E. Kuester

Continue reading…

Get Set: New HIPAA has Teeth

 “Providers should identify all of their vendors with access to personal health records and ensure they are protecting it according to the new HIPAA rule.” Jorge Rey, an associate principal and the director of information security and compliance for Kaufman, Rossin

Continue reading…

HIPAA HITECH Business Associate Agreements

Business associate agreements must contain provisions for compliance with the Security Rule, and probably the Privacy Rule as well, and they must require that the business associate have BAAs with its subcontractors, says Drinker Biddle & Reath LLP in an article titled "Business associate provisions under HIPAA Omnibus Rule."

Continue reading…

CEs: Make Sure Your Business Associates Are HIPAA Compliant

New HIPAA rule will bring more enforcement action, expert says, Diana Manos, Senior Editor for Healthcare IT News: “Providers should identify all of their vendors with access to personal health records and ensure they are protecting it according to the new HIPAA rule.” Jorge Rey, an associate principal and the director of information security and compliance for Kaufman, Rossin

Continue reading…

Employee Benefit Plans Need to Check Business Associate HIPAA Compliance

Plan sponsors should note that the Omnibus Rule expands the definition of business associate and the parties subject to HIPAA’s Privacy and Security Rules, and applies HIPAA’s civil and criminal penalties directly to business associates. Under the Omnibus Rule, business associates, including subcontractors of business associates, are directly liable for compliance with the Privacy and Security Rules if they create, receive, maintain or transmit PHI on behalf of the company or the plan. Such business associates for group health plans may include: brokers; consultants; attorneys; third-party administrators; and health information organizations, e-prescribing gateways and other entities that transmit or access PHI.

Continue reading…

Business Associate HIPAA Compliance

"Of greatest significance to Business Associates is the requirement to implement administrative, physical, and technical safeguards to comply with the HIPAA Security Regulations as if they were Covered Entities." Business associate HIPAA compliance, Lathrop & Gage LLP, Stacy N. Harper 

Continue reading…

BA Tracker Helps Covered Entities and Business Associates with HIPAA HITECH Compliance

Covered entities need "satisfactory assurances" that their business associates are HIPAA HITECH compliant, and business associates need to be able to provide proof of ongoing compliance. BA Tracker helps both.

Continue reading…

Business Associate Size Matters for HIPAA HITECH

HIPAA allows a business associate to take into account its size and complexity when deciding how to comply with the Security Rule.

"For instance, in deciding which security measures to implement, a BA may take into consideration its size, capabilities, the costs of the specific security measures, and the operational impact. BAs should note that as part of their compliance with the administrative safeguards, BAs must perform their own risk analyses, establish a risk management program, and designate a security officer, as well as have in place written policies and procedures, conduct employee training, and document compliance with the requirements." From "Changes affecting who is a business associate and new business associate obligations," Polsinelli Shughart PC, Thomas P. O'Donnell, Erin Fleming Dunlap, Rebecca L. Frigy and Matthew J. Murer

Continue reading…

CEs: Beware Your Business Associates

The owners of a medical billing practice (a business associate) and four pathology groups (covered entities) whose patient information was improperly disposed of will collectively pay $140,000 to settle the claims. The settlement agreement requires each pathology group to vet all business associates, ensuring they have a written information security plan and that the practices described are sufficient to comply with the groups’ obligations to protect personal information (PI) and PHI. The groups must also execute business associate agreements before disclosing any PI or PHI to service providers.

Continue reading…

HIPAA Business Associates: Waiting Is No Longer An Option, Vorys Sater Seymour and Pease LLP J. Liam Gruzs

HIPAA business associates who have not been paying attention since HITECH need to take notice. The timeframe for compliance is less than nine months. For those business associates who had been hoping for relief in the Final Rule (or have simply had their heads in the sand for four years), waiting is no longer an option. From "HIPAA final rule clarifies business associate obligations," Vorys Sater Seymour and Pease LLP, J. Liam Gruzs, January 28, 2013

Continue reading…

Business Associates Need Proof of HIPAA HITECH Compliance

"Potential liability concerns and fear of being held responsible for a subcontractor’s mistakes in a breach will be enough to change the BAA decision-making process for healthcare organizations", according to Dianne Bourque, partner at Mintz Levin and HIPAA expert.

Continue reading…

Small Firms: Big HIPAA Troubles

Small Firms, Big HIPAA Troubles? Business Associates Need to Get Serious About Security, by Marianne Kolbasuk McGee, January 29, 2013. This is a very forthright and timely call to action not only for business associates but also for their covered entities. Fortunately there are cost-effective and efficient solutions for both. With the SaaS model, templates of the needed policies, procedures, and forms can be accessed and edited in a step-by-step process overseen by a privacy and security expert. The compliance activities are then measured and delivered through the Compliance Meter(tm), allowing the covered entity to monitor the ongoing compliance of its business associates.

Here is the link to the article:

http://www.healthcareinfosecurity.com/blogs/small-firms-big-hipaa-troubles-p-1412/p-2

Continue reading…

The Final Rule on HIPAA HITECH is here!

Almost four years after the passage of the HITECH Act, which amended and broadened HIPAA, we finally have the Final Rule. It goes into effect on March 25, and all business associates and their subcontractors must be HIPAA HITECH compliant by September 25, 2013. HHS estimates that 200,000 to 400,000 business associates must get compliant in this timeframe. It should be interesting.

Continue reading…

HIPAA Business Associate Data Breach

HIPAA business associate Omnicell causes a data breach of over 68,000 patient records. The recurring theme of the theft of an unencrypted laptop from an employee's car demonstrates the lack of HIPAA compliance at many business associates. Covered entities are being warned that they must monitor the HIPAA compliance levels of their business associates.

Continue reading…

2013 HIPAA HITECH Year of Reckoning for Business Associates.

The Supremes have spoken, the voters have spoken, and soon HHS and OMB will speak. The message is that Obamacare, HIPAA HITECH, Meaningful Use, and the Omnibus Rule are here to stay, and that business associates and subcontractors will have to get HIPAA compliant in 2013.

Continue reading…