News & Analysis as of

Business Associates

Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as... more +
Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as business associates have expanded data protection obligations and duties. Essentially, a business associate under HIPAA is a person or entity that performs certain functions or services which necessitates exposure to protected health information on behalf of a covered entity. Typical business associate functions include: claims processing or administration, data analysis, billing, etc.    less -

Beware: HIPAA Applies To The Health Plans You Never Knew You Had (Part 1: Employee Assistance Programs)

by Fox Rothschild LLP on

You may be surprised to learn that those “extra” benefits your company offers to its employees such as your employee assistance program (“EAP”) and wellness program likely are subject to the HIPAA privacy, security and breach...more

Tax Reform: Impact on Private Equity and M&A

by Vedder Price on

On December 22, 2017, new tax legislation commonly referred to as the Tax Cuts and Jobs Act (the “Act”) was signed into law. The Act represents a major overhaul of the U.S. federal tax system and includes many new provisions,...more

Lessons Learned from Recent OCR HIPAA Audits

Covered entities, including employer sponsored health plans, should brace for audits and enforcement of the Privacy, Security, and Breach Notification rules by the Department of Health & Human Service Office of Civil Rights...more

Critical Considerations for Service Level Management

by Foley & Lardner LLP on

In the last couple of weeks you have certainly been thinking about your New Year’s resolutions. As 2018 kicks off, there’s no better time to the think about how to manage your suppliers and your procurement process. Service...more

2017 Closes with $2 Million HIPAA Settlement

On December 28, 2017, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that 21st Century Oncology, Inc. (21CO) agreed to pay $2.3 Million in lieu of potential civil money...more

Top 5 Common HIPAA Mistakes To Avoid In 2018

by Fox Rothschild LLP on

Heading into its 22nd year, HIPAA continues to be misunderstood and misapplied by many, including health care industry professionals who strive for (or at least claim the mantle of) HIPAA compliance. Here is my “top 5” list...more

HIPAA Enforcement Update

by Locke Lord LLP on

With respect to enforcement, the Department of Health and Human Services, Office for Civil Rights (OCR) announced two Settlement Agreements to resolve allegations of HIPAA violations between May and October of 2017. Neither...more

OCR Warns Health Care Industry of Risks with Previous Employees

In its November newsletter, the Office for Civil Rights (OCR) made a great point that we are seeing in the industry—the risks associated with previous employees. According to its newsletter, entitled “Insider Threats and...more

Lessons To Be Learned From The Breach Of Nearly 500,000 Individual Health Records Reported In September 2017

by Jackson Lewis P.C. on

A recent report indicates that nearly 500,000 individual health records were breached in September 2017. This figure is taken from the 39 healthcare data breaches involving more than 500 records that were reported to the...more

HIPAA Check: Do You Know What to Do if a Breach Happens to You?

by Williams Mullen on

Breaches happen. They happen to major health systems, and they happen to solo practitioners. They happen to health plans, and they happen to health information technology vendors. In our technology-reliant world, it would be...more

Clinical trials Part II: Privacy, cybersecurity risks, and managing ePHI

by Thompson Coburn LLP on

The ongoing digitization of the drug and medical device industries continues, and, as a result, new considerations have come to the forefront for companies engaged in clinical trials. In Part 1 of this series, we described a...more

Building a Health App? Part 6: HIPAA and Other Privacy and Security Considerations

Consumers are increasingly turning to health apps for a variety of medical and wellness-related purposes. This has in turn caused greater amounts of data—including highly sensitive information—to flow through these apps....more

Is it HIPAA or HIPPA? Either way, it still applies.

by Winstead PC on

I have negotiated hundreds of SaaS agreements for dozens of software companies and I always hated when the company on the other side was a healthcare provider. Invariably, they would bring up Protected Health Information...more

Business Associate Resold Fax Machine Containing PHI

Fax machines are still used in the medical community, and these days, faxing may be more secure than emailing as hackers have not yet cracked the task of hacking into old fax machines. All kidding aside, fax machines have...more

Financial Services Quarterly Report - Third Quarter 2017: Global Update: UK Criminal Finance Act 2017: Immediate Considerations...

by Dechert LLP on

UK asset managers, non-UK asset managers carrying on business in the UK and the funds they manage are within the scope of the new corporate criminal offences of failing to prevent the facilitation of tax evasion. As the new...more

Don’t Forget HIPAA’s “Minimum Necessary” Rule When Making Health Information Disclosures

by Nossaman LLP on

When Covered Entities or Business Associates or their counsel analyze whether a particular disclosure of Protected Health Information (or “PHI,” as defined in HIPAA) is permissible, they should be sure also to analyze whether...more

Enhanced HHS HIPAA Breach Reporting Tool May Aid Health Care Industry Data Security Efforts

by Jackson Lewis P.C. on

Secretary Tom Price of the U.S. Department of Health and Human Services (HHS) announced his agency needs “to focus more on the most recent breaches and clarify when entities have taken action to resolve the issues that might...more

Another Key to HIPAA Compliance – Have Policies and Procedures and Implement Them, Too

by Williams Mullen on

On this blog, we have discussed the criticality of risk analyses – the assessment required by the Security Rule of the “risks and vulnerabilities” that an organization faces with respect to all of its electronic protected...more

Health Update - July 2017

Contracting With Technology Vendors: Obligations and Compliance Strategies - Editor’s Note: In a recent webinar, Manatt Health examined how to protect privacy when communicating in the digital age. The session revealed how...more

Ten Tips For Actions By A Covered Entity After A HIPAA Breach By A Business Associate

by Fox Rothschild LLP on

This blog recently discussed tips for a covered entity (CE) in dealing with a HIPAA business associate (BA). Now, even though you have adopted all of the tips and more, in this dangerous and ever more complex data security...more

Five Takeaways from the OCR Reminder on HIPAA Obligations In Ransomware Incidents

by Poyner Spruill LLP on

Apparently prompted by the recent high-profile wave of ransomware attacks, the Department of Health and Human Services’ Office of Civil Rights (OCR) has reminded hospitals, healthcare systems, and other covered entities and...more

How Can Healthcare Organizations Prepare for the Next Cyberattack?

by Latham & Watkins LLP on

HHS OCR issues checklist, iterative guidance in wake of WannaCry and Petya attacks; Anthem breach settlement provides additional lessons. Key Points: ..Healthcare organizations are particularly vulnerable to ransomware...more

Healthcare Business Associates

by Bryan Cave on

The Health Information Technology for Economic and Clinical Health (“HITECH”) Act modified the Health Insurance Portability and Accountability Act (“HIPAA”) by expanding the definition of Business Associates (“BA”) and their...more

HHS Publishes Health Care Cyber Attack Checklist

by Tucker Arensberg, P.C. on

HHS has published a very brief guide, in the form of a checklist, to explain the steps for a HIPAA covered entity or business associate to take in response to a cyber related security incident. You can access the checklist at...more

Healthcare Data Breach Enforcements and Fines

by Bryan Cave on

The Department of Health and Human Services’ (“HHS”) Office for Civil Rights (“OCR”) is responsible for enforcing the Privacy and Security Rules of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”)....more

471 Results
|
View per page
Page: of 19
Cybersecurity

"My best business intelligence,
in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.