Business Associates Dept. of Health and Human Services

Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as... more +
Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as business associates have expanded data protection obligations and duties. Essentially, a business associate under HIPAA is a person or entity that performs certain functions or services which necessitates exposure to protected health information on behalf of a covered entity. Typical business associate functions include: claims processing or administration, data analysis, billing, etc.    less -
News & Analysis as of

HIPAA and Text Messaging

Text messaging is pervasive. Doctors and other health care providers, covered entities, and business associates currently use (and embrace) the technology. Texting is easy, fast and efficient. It doesn’t require a laptop...more

HHS’ Selection of Contractor Provides Latest Update on Impending Second Round of HIPAA Audits

On October 27, 2015, a U.S. Department of Health and Human Services (“HHS”) official stated that the agency has hired FCi Federal, a provider of management and professional services to government agencies in Ashburn, VA, to...more

OIG Reports Insufficient Oversight Of HIPAA Compliance

The HHS Office for Civil Rights (OCR) must improve its oversight and enforcement of patient information privacy and security rules by “covered entities” and their business associates under the Health Information Portability...more

Is Your HIPAA Compliance Program Ready for the FTC?

Everyone in healthcare knows that the next round of HIPAA audits is coming. Covered entities and business associates have long been advised to review and update their HIPAA security risk analyses, have business associate...more

Get Your Questions Ready

A lot has changed since the HIPAA Privacy Rule was finalized in 2002 and the HIPAA Security Rule was finalized a year later in 2003. The iPhone had not been released (that happened in 2007), Apple had just released the...more

Blog: HHS To Launch New HIPAA Audits in Early 2016 in Response to OIG Reports

The Office of Inspector General (OIG) of the U.S. Department of Health and Human Services (HHS) issued two reports yesterday calling for the HHS Office of Civil Rights (OCR) to strengthen its Health Insurance Portability and...more

Cure of Security Rule Violations Following Breach of EPHI Cannot Save Covered Entities from $750,000 Settlement; Non-Breach...

More than three years after the Cancer Care Group, P.C. (“CCG”) notified the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) of a breach of unsecured electronic protected health...more

Don’t Wait for It; Recent HIPAA Enforcement Action Signal More to Come in Phase 2 Audits

Officials at the U.S. Department of Health and Human Services Office of Civil Rights (HHS OCR) have recently selected a vendor to conduct the second wave of HIPAA audits. These so-called “Phase 2 Audits” are set to commence...more

St. Elizabeth’s Medical Center Pays $218,400 to Settle Alleged HIPAA Security Case Stemming from Use of Cloud-Based Document...

Alleged HIPAA Violations Resulted from Medical Center’s Failure to Risk Assess Internet-Based Document Sharing Application and Inadequate Breach Response. The US Department of Health and Human Services (HHS) Office for...more

Blog: HIPAA FAQ Series: Are Covered Entities and Business Associates Required to Encrypt PHI?

The Health Insurance Portability and Accountability Act (HIPAA) mandates that both Covered Entities and Business Associates protect the security of Protected Health Information (PHI) in a variety of ways. Specifically,...more

ONC Releases Privacy and Security Guidance Geared Toward Small Providers

The HHS Office of the National Coordinator for Health Information Technology (“ONC”) recently released a new and improved version 2.0 of their Guide to Privacy and Security of Electronic Health Information. This revamped...more

OCR Enforcement of HIPAA Affects Entities of all Sizes Small Pharmacy Enters into Latest Settlement

U.S. Department of Health and Human Services (HHS) announced late last week that Cornell Prescription Pharmacy (Cornell) agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996...more

OCR Announces Another HIPAA Settlement and Warns Not to Forget About Paper Records

On April 27, 2015, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced that Cornell Prescription Pharmacy (“Cornell Pharmacy”) had entered into a resolution agreement to settle,...more

HIPAA Rules and Procedures in the Event of a Data Breach, Part Two

My last post focused on the discovery and investigation of a data security breach to determine if breach notification is needed. Today’s post now turns to the requirements of breach notification triggered by a data security...more

Pressure Points: OCR Enforcement Activity in 2014

During 2014, the Office for Civil Rights (OCR) of the U.S. Department of Health & Human Services initiated six enforcement actions in response to security breaches reported by entities covered by the Health Insurance...more

Ebola Outbreak Prompts HHS Bulletin on Application of HIPAA During Emergencies

The Health Insurance Portability and Accountability Act (HIPAA) was enacted by Congress and signed by President Bill Clinton in 1996. According to the U.S. Department of Health and Human Services (HHS), the HIPAA Privacy Rule...more

Preparing for HIPAA Compliance Audits

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), the office responsible for administering and enforcing the Health Insurance Portability and Accountability Act of 1996 (HIPAA), will...more

HIPAA Privacy in Emergency Situations

In light of the Ebola outbreak and other events, the U.S. Department of Health and Human Services, Office for Civil Rights, released a bulletin to ensure HIPAA covered entities are aware of the ways in which patient...more

Health Headlines: Also in the News - November 2014 #3

HHS Releases Bulletin Clarifying HIPAA Privacy Rule in Emergency Situations – In light of the recent Ebola outbreak, HHS released a bulletin on November 10, 2014 “to ensure that HIPAA covered entities and their...more

Health Update - November 2014

“Healthcare-Related” Calls: Ambiguity at the Intersection of HIPAA and TCPA - Editor’s Note: The Federal Communications Commission (FCC) has established exemptions from certain requirements of the Telephone Consumer...more

HHS Issues Special HIPAA Guidance for Ebola Outbreak

The U.S. Department of Health and Human Services ("HHS"), Office for Civil Rights ("OCR"), released a bulletin last week addressing how covered entities (including certain health care providers and employer group health...more

Data, Privacy & Security Practice Report – Also in the News: November 2014

Office for Civil Rights Releases HIPAA Bulletin in Light of Ebola Outbreak – The U.S. Department of Health and Human Services Office for Civil Rights released a bulletin today reminding HIPAA covered entities and...more

Health Care Providers Responding to Ebola: HHS Issues Guidance Reminding Covered Entities that HIPAA Allows the Sharing of PHI in...

The Department of Health and Human Services (“HHS”) Office of Civil Rights (“OCR”) has issued guidance to remind HIPAA-covered entities of the ways in which they are permitted under HIPAA to share protected health information...more

HHS Explains Privacy Rule in Emergency Situations

On November 10, 2014, the U.S. Department of Health and Human Services (HHS) issued a bulletin reminding covered entities and business associates of how they may disclose patient information for public health activities or in...more

HIPAA Business Associate Agreements – Reminder of September 22, 2014 Deadline

On January 17, 2013, the U.S. Department of Health and Human Services (HHS) issued a final rule under HIPAA making substantial changes to the rules for vendors that provide services to HIPAA-covered plans, such as third-party...more

99 Results
|
View per page
Page: of 4

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×