Breach Notification Rule Business Associates

News & Analysis as of

HHS Issues Warning About Phishing Campaign Disguised As Official Communication

As part of its efforts to assess compliance with the HIPAA Privacy, Security and Breach Notification Rules, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) engages in audits of covered...more

More on HIPAA Audits for 2016 and 2017–Desk Audits and On-Site Audits

As part of the ongoing HHS OCR HIPAA audit initiative, it is conducting “HIPAA desk audits.” These audits don’t involve auditors coming in your facility. Instead, covered entities are being asked to submit documents on...more

Cloud Service Providers Beware, You May Be Subject to HIPAA Without Knowing It

The use of cloud service providers has exploded in the past several years. According to estimates from Gartner, the market for cloud services is expected to reach $204 billion in 2016. But the use of cloud service providers...more

HHS Designates Cloud Service Providers as Business Associates Under HIPAA

Cloud service providers that process electronic protected health information (ePHI) are business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), even if the PHI is encrypted and the...more

Recent HIPAA Settlements Highlight Importance Of Business Associate Agreements

Two related healthcare companies were forced to pay settlements with the federal government totaling over $500,000 over allegations relating to a data breach involving patient health information. Much of the negative...more

HHS-OCR Announces Guidance On HIPAA Compliance And Cloud Computing

On October 6, 2016, the Department of Health and Human Services Office for Civil Rights (“OCR”) issued guidance on complying with HIPAA privacy, security, and breach notification rules when using cloud computing technology...more

Healthcare Data Breach Enforcements and Fines At A Glance

The Department of Health and Human Services’ (“HHS”) Office for Civil Rights (“OCR”) is responsible for enforcing the Privacy and Security Rules of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”)....more

Taking Measure of HIPAA Enforcement

Last month, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced the largest settlement to date for alleged violations of the Health Insurance Portability and Accountability Act (HIPAA)....more

OCR Sets Sights on Smaller HIPAA Breaches

Covered entities and business associates can expect increased scrutiny for breaches of unsecured protected health information affecting fewer than 500 individuals. Starting August 2016, the U.S. Department of Health and Human...more

No HIPAA Hall Pass for Business Associates and Small Breaches

Phase 2 Audits of Business Associates: The Department of Health and Human Services, Office for Civil Rights (OCR) is in the process of conducting its phase 2 audits of Covered Entities and Business Associates. “Covered...more

OCR to Focus More Investigative Resources on Smaller HIPAA Breaches with Less Than 500 Individuals Affected

The Department of Health & Human Services (DHHS) Office of Civil Rights (OCR) recently announced it will devote more resources to investigate smaller HIPAA breaches. Before this announcement, OCR typically opened...more

HIPAA Phase 2 Audits: What Has OCR Requested from Auditees to Date?

In our April 8, 2016, advisory, we discussed the U.S. Department of Health and Human Services’ (HHS) Office of Civil Rights (OCR) “Phase 2” audit program. Then, we could only make educated guesses about what documents OCR...more

Ransomware May Be a Reportable HIPAA Breach

In 2016, more than 4000 ransomware or other malware attacks are occurring daily, a 300% increase since 2015. There have been reports of six hospitals that have been victims of ransomware in 2016. Ransomware is a type of...more

Smaller HIPAA Breaches To Get More Attention by Office for Civil Rights

The HIPAA breach notification rule has two buckets for classifying data breaches – those that involve “protected health information” (PHI) of 500 or more individuals and those that involve fewer than 500 individuals. Since...more

Guidance on Ransomware Attacks under HIPAA and State Data Breach Notification Laws

The US Department of Health and Human Services (HHS) has recently issued guidance under the Health Insurance Portability and Accountability Act (HIPAA) on what covered entities and business associates can do to prevent and...more

Advocate Health Care Network Agrees to Pay $5.55 Million to Settle Potential HIPAA Penalties

On August 4, 2016, the Office of Civil Rights (“OCR”) announced that Advocate Health Care Network (“Advocate”), Illinois’ largest fully-integrated health care system, has agreed to pay a record-breaking $5.55 million to...more

Largest Health & Human Services HIPAA Settlement Wake-Up Call for Covered Entities to Evaluate and Mitigate Risks

On Thursday, August 4, 2016, the U.S. Department of Health & Human Services, Office of Civil Rights (OCR) announced the largest settlement ever with a single entity for multiple potential Health Insurance Portability and...more

HHS OCR Guidance on Ransomware Attacks: They Constitute a “Security Incident” and Are Likely a Data Breach

On July 11, 2016, the HHS Office of Civil Rights (OCR) released guidance on HIPAA covered entities’ responsibilities in a ransomware attack, a type of cyber-attack that has targeted the health care sector extensively in...more

Ransomware Attack is a Breach – Unless You Can Prove Otherwise

Ransomware is the fastest growing malware threat in the United States, targeting simple home computers to elaborate corporate IT networks. The Federal Bureau of Investigation recently reported an increase in ransomware...more

Regulatory Authorities Launch The Second Phase Of The HIPAA Compliance Audit Program

As a part of its continued efforts to assess compliance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules, the Health and Human Services (HHS) Office for...more

The Long Anticipated HIPAA Audits Are Here!

Phase 2 HIPAA Audits, which the Department of Health and Human Services' Office of Civil Rights ("OCR") announced had "launched" back in March of this year, have now officially begun. On Monday, July 11, 2016, the first round...more

OCR Begins HIPAA Phase 2 Audits

What covered entities and business associates can do to prepare for the next round of audits. On July 11, the HIPAA Phase 2 audits commenced when 167 covered entities received notice of a desk audit from the Department...more

OCR Sends Notification Letters to Phase 2 HIPAA Auditees

On July 12, 2016, HHS’s Office for Civil Rights (OCR) distributed an e-mail discussing recent developments in Phase II of its HIPAA audit program....more

Entity Fined $650,000 in First HIPAA Settlement with a Business Associate

The possibility of business associates potentially being audited, investigated, and ultimately fined is now a reality. On June 24, 2016, the United States Department of Health and Human Services’ Office of Civil Rights...more

OCR Update: HIPAA Phase 2 Audit Notices—Responses Due July 22, 2016

On July 11, 2016, e-mail notification was sent to 167 covered entities alerting them of their inclusion in the desk audit portion of OCR’s 2016 HIPAA audit program. Selected covered entities must respond no later than July...more

50 Results
|
View per page
Page: of 2
JD Supra Readers' Choice 2016 Awards

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×