News & Analysis as of

Business Associates

Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as... more +
Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as business associates have expanded data protection obligations and duties. Essentially, a business associate under HIPAA is a person or entity that performs certain functions or services which necessitates exposure to protected health information on behalf of a covered entity. Typical business associate functions include: claims processing or administration, data analysis, billing, etc.    less -

Five Takeaways from the OCR Reminder on HIPAA Obligations In Ransomware Incidents

by Poyner Spruill LLP on

Apparently prompted by the recent high-profile wave of ransomware attacks, the Department of Health and Human Services’ Office of Civil Rights (OCR) has reminded hospitals, healthcare systems, and other covered entities and...more

How Can Healthcare Organizations Prepare for the Next Cyberattack?

by Latham & Watkins LLP on

HHS OCR issues checklist, iterative guidance in wake of WannaCry and Petya attacks; Anthem breach settlement provides additional lessons. Key Points: ..Healthcare organizations are particularly vulnerable to ransomware...more

Healthcare Business Associates

by Bryan Cave on

The Health Information Technology for Economic and Clinical Health (“HITECH”) Act modified the Health Insurance Portability and Accountability Act (“HIPAA”) by expanding the definition of Business Associates (“BA”) and their...more

HHS Publishes Health Care Cyber Attack Checklist

by Tucker Arensberg, P.C. on

HHS has published a very brief guide, in the form of a checklist, to explain the steps for a HIPAA covered entity or business associate to take in response to a cyber related security incident. You can access the checklist at...more

Healthcare Data Breach Enforcements and Fines

by Bryan Cave on

The Department of Health and Human Services’ (“HHS”) Office for Civil Rights (“OCR”) is responsible for enforcing the Privacy and Security Rules of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”)....more

HIPAA Settlements in April and May Highlight Key Compliance Concerns for OCR

by Williams Mullen on

After a break in March with no new settlement agreements, OCR returned in April and May with quite a few. The Health Care Data Aware Blog already posted about a $400,000 OCR settlement released April 12, 2017, which can be...more

My Entity Just Experienced a Cyber-Attack! What Do We Do Now?

by Balch & Bingham LLP on

On June 9, 2017, the U.S. Department of Health and Human Services (HHS), Office of Civil Rights (OCR) released a cyber-attack “Quick Response” checklist (the Checklist) for the benefit of HIPAA covered entities and business...more

OCR Releases Checklist On What To Do Following A Cyber Attack

by Murtha Cullina on

Since the WannaCry ransomware virus spread rapidly across the globe, businesses, both large and small, are again focusing on cyber-security. In a previous bulletin, we detailed five things that a business can do to help...more

OCR Publishes Checklist and Infographic for Cyber Attack Response

OCR released a simple checklist and infographic last week to assist Covered Entities and Business Associates with responding to potential cyber attacks. As cybersecurity remains a pressing concern for health care entities,...more

Impermissible Disclosure of HIV Information Results in $387,000 HIPAA Settlement

by Saul Ewing LLP on

St. Luke’s-Roosevelt Hospital Center, Inc. (SLRHC), a member of the New York-based Mount Sinai Health System, paid $387,000 to the U.S. Department of Health and Human Services (HHS) and entered into a corrective action plan...more

HIPAA Enforcement Update (February 2017 – April 2017)

by Locke Lord LLP on

In recent months, the Department of Health and Human Services, Office for Civil Rights (OCR) has announced four settlement agreements and one civil monetary penalty to resolve allegations of Health Insurance Portability and...more

Potential HIPAA Pitfalls for Developers of Healthcare Apps

by Perkins Coie on

As federal and state governments struggle to address future healthcare regulation, demand for healthcare that is cheaper, better and faster continues to surge. Every day, new healthcare apps are being developed to respond...more

HHS OCR Resumes HIPAA Enforcement Action Announcements: Four New Settlements and Penalties Totaling More than $5 million in a One...

by Arnall Golden Gregory LLP on

After a pause of nearly two months, the Department of Health and Human Services Office of Civil Rights (HHS OCR) has resumed its announcement of settlements for alleged HIPAA violations, with four new settlement agreements...more

Health Entity Settles with OCR for Alleged Failure to Maintain a Business Associate Agreement

by King & Spalding on

The Center for Children’s Digestive Health (CCDH) recently paid the HHS Office for Civil Rights (OCR) $31,000 and entered into a corrective action plan to settle potential violations of HIPAA for an alleged failure to...more

Tips for Ensuring Your Organization Is HIPAA Compliant Amid Increased Enforcement Activity

Thus far in 2017, the U.S. Department of Health and Human Service’s Office for Civil Rights has continued the step-up in HIPAA enforcement activity we saw in 2016 and appears on track to exceed 2016’s enforcement...more

Failure to Ensure Vendor Safeguarded Protected Health Information Costs Small Health Care Provider $31,000

by Reed Smith on

Having proper internal systems and procedures in place to manage data security is essential for organizations storing personal information in any industry. But health care organizations that rely on external vendors to...more

2017 HIPAA Enforcement – Appears Not To Be Slowing Down

by Snell & Wilmer on

To state the obvious, there has been some uncertainty regarding how the Trump Administration will affect federal agency enforcement efforts. However, at least, in regard to HIPAA Privacy and Security, the U.S. Department of...more

Button up Your Business Associates Agreements or Pay the Price

by Bryan Cave on

Last month, the Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) announced a resolution agreement with the Center for Children’s Digestive Health (CCDH) which included a $31,000...more

Settlement Highlights Need for HIPAA-Covered Entities to Have Business Associate Agreements in Place with PHI Vendors

by Dickinson Wright on

The Department of Health and Human Services’ Office for Civil Rights (ORC) announced an agreement to settle possible Health Insurance Portability and Accountability Act (HIPAA) violations with The Center for Children’s...more

Your Business Associates Hold Your HIPAA Compliance Future In Their Hands: Eleven Things You Can Do

by Fox Rothschild LLP on

Our partner Elizabeth Litten and I were recently featured again by our good friend Marla Durben Hirsch in her article in the April 2017 issue of Medical Practice Compliance Alert entitled “Business associates who farm out...more

Another HIPAA Settlement: Stolen Laptop Costs $2.5 Million Plus Encryption Requirement

by Perkins Coie on

The U.S. Department of Health and Human Services (HHS) recently announced yet another HIPAA privacy and security settlement involving Protected Health Information (PHI) on a stolen laptop. Although this might be seen as just...more

$2.5 Million Settlement Reached as HIPAA Crackdown Continues on Unsecured Portable Devices

by Jones Day on

A recent settlement of $2.5 million for alleged violations of the Health Insurance Portability and Accountability Act ("HIPAA") continues a trend of government enforcement targeting health care providers and vendors that fail...more

A Draft Won’t Do: OCR Settles with CardioNet $2.5m for Failing to Finalize Policies and Procedures

On April 24, 2017, the Department of Health and Human Services’ Office for Civil Rights (“OCR”) announced that CardioNet, a provider of remote mobile monitoring and rapid response services to patients at risk for cardiac...more

Two HIPAA Mistakes Lead to Fines from OCR

It was a busy April for the Office for Civil Rights (“OCR”) (see our prior post on a settlement from earlier in April). On April 20, OCR announced a Resolution Agreement with Center for Children’s Digestive Health, S.C....more

First HIPAA Settlement Involving Wireless Health Services Provider

by Poyner Spruill LLP on

We have previously written that the Internet of Things continues to spawn new cybersecurity and privacy concerns. These vulnerabilities have already served as plot devices for shows such as Homeland. Now, the U.S. Department...more

452 Results
|
View per page
Page: of 19
Cybersecurity

"My best business intelligence,
in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.