News & Analysis as of

Business Associates Office of Civil Rights Electronic Medical Records

Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as... more +
Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as business associates have expanded data protection obligations and duties. Essentially, a business associate under HIPAA is a person or entity that performs certain functions or services which necessitates exposure to protected health information on behalf of a covered entity. Typical business associate functions include: claims processing or administration, data analysis, billing, etc.    less -
BakerHostetler

OCR Guidance on Use of Tracking Technologies Warrants Review of Website Tech

BakerHostetler on

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued guidance regarding covered entities’ and business associates’ use of tracking technologies (the Guidance). As discussed in greater detail...more

Bricker Graydon LLP

Are you regulated under HIPAA? Ensure your website or app’s user tracking is HIPAA compliant

Bricker Graydon LLP on

On December 1, 2022, the Centers for Medicare and Medicaid Services’ Office of Civil Rights (OCR) issued new guidance to covered entities and business associates regarding website and application user data tracking and how...more

Hogan Lovells

Not so fast: HHS OCR warns that HIPAA applies to online tracking technologies

Hogan Lovells on

Covered Entities and Business Associates must comply with HIPAA in their use of online tracking technologies, including cookies, pixels or similar code. The U.S. Department of Health and Human Services (HHS), Office for Civil...more

NAVEX

4 Ways to Protect ePHI Beyond HIPAA Compliance

NAVEX on

Given the choice between credit card data and digital health records, cybercriminals prefer the latter. A stolen credit card can be canceled. Electronic protected health information (ePHI) with its treasure-trove of...more

Saul Ewing LLP

Solo Practitioner Agrees to $100,000 Settlement for HIPAA Security Rule Violations

Saul Ewing LLP on

On March 3, 2020, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announced a $100,000 settlement and corrective action plan with Steven A. Porter, M.D. to resolve potential...more

Robinson+Cole Data Privacy + Security Insider

OCR Announces Second $85,000 Settlement for Alleged Violations of the Individual Right of Access under HIPAA

On December 12, 2019, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced its second “HIPAA Right of Access Initiative” settlement of alleged HIPAA violations....more

Foley & Lardner LLP

HIPAA: Failure to Report Breach Costs Hospital $2.175 Million

Foley & Lardner LLP on

One health system recently learned the cost of relying too heavily on the HIPAA Breach Notification Rule’s “low probability of compromise” standard when it failed to notify all affected individuals and report the HIPAA breach...more

Ballard Spahr LLP

HIPAA Guidance and Enforcement: A New Alignment?

Ballard Spahr LLP on

The Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) announced that it has entered into a settlement with a business associate that provides electronic medical records services to health...more

Ballard Spahr LLP

A Modest HIPAA Settlement

Ballard Spahr LLP on

The Office of Civil Rights of the Department of Health and Human Services (OCR) announced that it has entered into a settlement with a business associate that provides electronic medical records services to health care...more

Foley & Lardner LLP

OCR Clarifies Direct Liability for Business Associates under HIPAA

Foley & Lardner LLP on

On May 24, 2019, the Department of Health and Human Services Office for Civil Rights (OCR) issued a new fact sheet which lists the provisions of the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules (HIPAA)...more

Robinson+Cole Data Privacy + Security Insider

OCR Issues Fact Sheet Listing Circumstances in which Business Associates May Face Direct Liability for HIPAA Violations

In a development that may – understandably – have been overlooked by many heading into Memorial Day weekend, on May 24, 2019, the Health and Human Service’s (HHS) Office for Civil Rights (OCR) issued a Fact Sheet on Direct...more

Sheppard Mullin Richter & Hampton LLP

Cybersecurity, Inside Jobs, Outside Jobs, and HIPAA

According to a February 12, 2019 Press Release from Protenus, a developer of analytics for patient privacy monitoring and compliance, 15,085,302 patient records were breached in 2018 – a startling number made even more...more

McGuireWoods LLP

Don’t Neglect Physical Safeguards as Part of HIPAA Security Compliance

McGuireWoods LLP on

The HIPAA Security Rule requires covered entities and business associates to implement physical, administrative, and technical safeguards to protect protected health information (PHI). The U.S. Department of Health and Human...more

Holland & Knight LLP

A New HIPAA Accounting Rule on the Horizon?

Holland & Knight LLP on

Under HIPAA, patients have a right to information about certain disclosures, referred to as an accounting. Under the current iteration of the regulations, covered entities and business associates need not account for...more

Saul Ewing LLP

2017 Closes with $2 Million HIPAA Settlement

Saul Ewing LLP on

On December 28, 2017, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that 21st Century Oncology, Inc. (21CO) agreed to pay $2.3 Million in lieu of potential civil money...more

Locke Lord LLP

HIPAA Enforcement Update (February 2017 – April 2017)

Locke Lord LLP on

In recent months, the Department of Health and Human Services, Office for Civil Rights (OCR) has announced four settlement agreements and one civil monetary penalty to resolve allegations of Health Insurance Portability and...more

Sheppard Mullin Richter & Hampton LLP

A $31,000 Mistake: Failing To Manage Business Associate Agreements Proves Costly For Providers

The Center for Children’s Digestive Health (CCDH), a small, for-profit pediatric subspecialty practice that operates seven clinics in the Chicago area, has paid the U.S. Department of Health and Human Services, Office for...more

Sherman & Howard L.L.C.

Healthcare Advisory: HHS Announces First Settlement with a Wireless Health Services Provider

On April 24, 2017, the Department of Health and Human Services, Office of Civil Rights (“OCR”), announced its first settlement with a wireless health services provider, CardioNet, Inc., for alleged violations of the Health...more

McGuireWoods LLP

HIPAA Guidance Issued on Man-In-The-Middle Attacks

McGuireWoods LLP on

Last week, the Office of Civil Rights (OCR) issued guidance on securing end-to-end communications for sensitive information transmitted between parties over the internet. The OCR warns against “man-in-the-middle” (MITM)...more

BakerHostetler

Cloud Service Providers Beware, You May Be Subject to HIPAA Without Knowing It

BakerHostetler on

The use of cloud service providers has exploded in the past several years. According to estimates from Gartner, the market for cloud services is expected to reach $204 billion in 2016. But the use of cloud service providers...more

Ballard Spahr LLP

HHS Designates Cloud Service Providers as Business Associates Under HIPAA

Ballard Spahr LLP on

Cloud service providers that process electronic protected health information (ePHI) are business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), even if the PHI is encrypted and the...more

Stinson LLP

HHS Publishes New Guidance on HIPAA and Cloud Computing

Stinson LLP on

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has issued a new guidance regarding HIPAA compliance and the use of cloud computing solutions. The guidance is intended to assist covered entities...more

Shumaker, Loop & Kendrick, LLP

Client Alert: The Government Enters into Largest HIPAA Settlement to Date; What HIPAA Covered Entities and Business Associates...

Advocate Health Care Network, which operates 12 hospitals and more than 200 other treatment centers in Chicago and central Illinois, has agreed to the largest settlement to date with the Office for Civil Rights (“OCR”) for...more

Dechert LLP

BYOD Risks under HIPAA – Does Your HIPAA Compliance Program Adequately Address the Ever Increasing Use of Portable Electronic...

Dechert LLP on

Many U.S. employers are now allowing employees to use their own personal handheld devices and laptop computers for work-related purposes. As the age of employer-provided devices is coming to an end and “bring your own device”...more

King & Spalding

OIG Reports Insufficient Oversight Of HIPAA Compliance

King & Spalding on

The HHS Office for Civil Rights (OCR) must improve its oversight and enforcement of patient information privacy and security rules by “covered entities” and their business associates under the Health Information Portability...more

34 Results
 / 
View per page
Page: of 2

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide