News & Analysis as of

Business Associates Health Insurance Portability and Accountability Act

Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as... more +
Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as business associates have expanded data protection obligations and duties. Essentially, a business associate under HIPAA is a person or entity that performs certain functions or services which necessitates exposure to protected health information on behalf of a covered entity. Typical business associate functions include: claims processing or administration, data analysis, billing, etc.    less -

It’s Just Plain Risky Not to Do A Risk Analysis: Recent OCR Settlement One of Several Resulting from Failure to Analyze and...

by Williams Mullen on

On April 12, 2017, the Office for Civil Rights (“OCR”) announced a settlement and corrective action plan with a Colorado federally-qualified health center, Metro Community Provider Network (“MCPN”), after a 2012 breach of...more

Health Care Group News: OCR Published Three HIPAA Settlements in Two Weeks, Signaling a Ramp Up of HIPAA Enforcement Activity

by Murtha Cullina on

Providers Beware: OCR Published Three HIPAA Settlements in Two Weeks, Signaling a Ramp Up of HIPAA Enforcement Activity: Make sure risk assessments, business associate agreements and policies & procedures are in place...more

Healthcare Advisory: HHS Announces First Settlement with a Wireless Health Services Provider

by Sherman & Howard L.L.C. on

On April 24, 2017, the Department of Health and Human Services, Office of Civil Rights (“OCR”), announced its first settlement with a wireless health services provider, CardioNet, Inc., for alleged violations of the Health...more

Failure to Implement Business Associate Agreement Results in $31,000 Settlement For Health Care Provider

by Saul Ewing LLP on

On April 20, 2017, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that Children’s Digestive Health (CDH) agreed to pay HHS $31,000 for its failure to have a business associate...more

HIPAA and the Cloud’s Shared Responsibility Models

by Snell & Wilmer on

Cloud-based service providers (CSPs), like Amazon Web Services and Microsoft Azure, offer online access to shared computing resources. As such, they have developed a “shared responsibility model” for how CSPs and companies...more

Small Healthcare Provider Pays $31,000 for Failing to Have a Business Associate Agreement With File Storage Vendor

by Jackson Lewis P.C. on

Disclosing protected health information (PHI) to a business associate without a compliant business associate agreement (BAA) is an improper disclosure under the HIPAA privacy and security regulations. According to the HHS...more

OCR Urges Covered Entities and Business Associates to Use HTTPS

New guidance from the Office for Civil Rights (OCR) urges covered entities and business associates to use Secure Hypertext Transport Protocol (HTTPS) to protect communications from vulnerabilities. According to OCR, the...more

Securing Protected Health Information: FBI Warning

by Burns & Levinson LLP on

HIPAA and the HITECH are federal laws that require the protection and security of confidential, protected health information (PHI) and personally identifiable information that is not necessarily health related. The federal...more

HIPAA Guidance Issued on Man-In-The-Middle Attacks

by McGuireWoods LLP on

Last week, the Office of Civil Rights (OCR) issued guidance on securing end-to-end communications for sensitive information transmitted between parties over the internet. The OCR warns against “man-in-the-middle” (MITM)...more

Recent HIPAA Privacy and Security Settlements and Lessons Learned

by Perkins Coie on

Although the fate of the Affordable Care Act remains undecided, enforcement of the HIPAA privacy and security regulations by the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services is ongoing,...more

OCR Identifies Continuing HIPAA Enforcement Issues, Areas of Future Guidance and Regulations

Last week the Health Care Compliance Association hosted its annual “Compliance Institute.” Iliana Peters, HHS Office for Civil Rights’ Senior Advisor for HIPAA Compliance and Enforcement, provided a thorough update of HIPAA...more

2017 HIPAA Enforcement: New Settlements and Penalties Already Total Over $11,000,000

by Williams Mullen on

In our last post, we highlighted the 2016 settlements between the Office for Civil Rights (OCR) and various covered entities (and business associates), in one of OCR’s most active years. As of now, 2017 is proving to be on...more

HHS Expected to Release Significant HIPAA Privacy Guidance This Year; Compliance Audits Proceed; Guide on Compliance Program...

by WilmerHale on

HIPAA privacy guidance, audits, and enforcement are continuing under the new Administration. On March 27, 2017, Iliana Peters, Senior Adviser for HIPAA Compliance and Enforcement at the US Department of Health and...more

Hey Dentists: No Business Associate Agreement, No Problem

by Ruder Ware on

According to the U.S. Health and Human Services Office for Civil Rights (OCR), dental practices are not required to have a business associate agreement with their dental laboratory before sharing protected health...more

HIPAA for HR - Some Good News for Employers

by Foley & Lardner LLP on

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that was enacted to ensure protection of individuals’ protected health information (PHI). The Standards for Privacy of Individually...more

HIPAA Enforcement Update (October 2016 – January 2017)

by Locke Lord LLP on

Since October 2016, the Department of Health and Human Services, Office for Civil Rights (OCR) announced four settlement agreements to resolve allegations of Health Insurance Portability and Accountability Act (HIPAA)...more

HHS Gets Agressive: HIPAA Audits from 2016

by Kiesewetter Law Firm on

HHS has become more aggressive with audits, and with increased penalties, covered entities and business associates simply cannot afford an audit on HIPAA rules and regulations. In March of 2016, HHS's Office for Civil Rights...more

Time Waits for No One: OCR Announces First HIPAA Settlement for Lack of Timely Breach Notification

by Davis Wright Tremaine LLP on

On Jan. 9, 2017, the Department of Health and Human Services Office for Civil Rights (“OCR”) announced the first HIPAA enforcement action for failure to timely report a breach. Often investigating and making formal...more

Looking Back at the HIPAA Resolution Agreements in 2016

by BakerHostetler on

In 2016, Health and Human Services’ (HHS) Office for Civil Rights (OCR), the enforcement arm for HIPAA, continued robust enforcement efforts. There were 12 reported resolution agreements (RA) in 2016. An RA is a settlement...more

21st Century Cures Act - HIPAA & Other Privacy Considerations

by Bass, Berry & Sims PLC on

On December 13, 2016, President Obama signed the 21st Century Cures Act (the Cures Act) into law. The Cures Act addresses a wide range of healthcare topics including clinical research, treatment of mental health and substance...more

AGG Food and Drug Newsletter - December 2016

by Arnall Golden Gregory LLP on

Arnall Golden Gregory LLP's Food and Drug Newsletter is a monthly update of legal and regulatory issues that affect the FDA-regulated community, including regular updates on legislative initiatives from AGG’s Washington, DC...more

HHS OCR Levies Significant HIPAA Penalties in a Series of Recent Settlements: Covered Entities and Business Associates Alike...

by Arnall Golden Gregory LLP on

Between June and November 2016, the Department of Health and Human Services Office of Civil Rights (HHS OCR) has announced seven high-dollar settlements to resolve alleged violations of the HIPAA privacy, security, and breach...more

No Phishing: OCR Warns of Phishing Attempts Disguised as Official HIPAA Audit Program Emails

by Davis Wright Tremaine LLP on

What’s worse than receiving an email indicating that you have been selected for an audit by your favorite government regulator? Clicking on a link in the email and discovering that it is a phishing attack that has just...more

OCR Issues Alerts Regarding Phishing Email Disguised as Official OCR Audit Communication

by BakerHostetler on

The HHS Office for Civil Rights (OCR) published an alert on November 28 describing a phishing email being circulated on mock HHS departmental letterhead under the signature of OCR Director Jocelyn Samuels. The email prompts...more

UMass Amherst Settles HIPAA Violations with OCR for $650,000

The Office for Civil Rights (OCR) has announced that the University of Massachusetts Amherst (UMass) has agreed to settle an investigation against it as a result of a malware infection for $650,000, along with implementing a...more

377 Results
|
View per page
Page: of 16
Cybersecurity

"My best business intelligence,
in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
Feedback? Tell us what you think of the new jdsupra.com!