News & Analysis as of

Business Associates Department of Health and Human Services (HHS) Cybersecurity

Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as... more +
Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as business associates have expanded data protection obligations and duties. Essentially, a business associate under HIPAA is a person or entity that performs certain functions or services which necessitates exposure to protected health information on behalf of a covered entity. Typical business associate functions include: claims processing or administration, data analysis, billing, etc.    less -
Health Care Compliance Association (HCCA)

‘I Will Not Rest’; ‘I Am All In’: Remarkable Breach Hearing Sees Pledges by UHG CEO, Sen. Wyden

United Healthcare Group (UHG) CEO Andrew Witty was in a board meeting on Feb. 21 when officials interrupted with the news that Change Healthcare—a clearinghouse UHG subsidiary Optum had purchased for $1.3 billion in October...more

Health Care Compliance Association (HCCA)

Privacy Briefs: May 2024

Kaiser Permanente is notifying 13.4 million current and former members that their personal information may have been compromised when it was transmitted to tech giants Google, Microsoft Bing and X (formerly Twitter) when...more

Dorsey & Whitney LLP

Significant New Healthcare Privacy and Cybersecurity Developments

Dorsey & Whitney LLP on

As the federal government continues to take action in response to events impacting the healthcare landscape, stakeholders must ensure that they are staying up-to-date with health information privacy and security developments...more

Wilson Sonsini Goodrich & Rosati

OCR at HHS Updates Guidance on Use of Online Tracking Technology by HIPAA-Regulated Entities

On March 18, 2024, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) updated its guidance on the use of online tracking technology by covered entities regulated by the Health...more

Health Care Compliance Association (HCCA)

[Event] 2023 Healthcare Enforcement Compliance Conference - November 5th - 7th, Washington, DC

Hear directly from the enforcement community - Want to gain insight into properly monitoring, detecting, investigating, and managing violations? Join us at HCCA’s Annual Healthcare Enforcement Compliance Conference to...more

Health Care Compliance Association (HCCA)

OCR: Current Fines Too Low to Spur Compliance; Agency Also Seeks Funding Boost, Injunctive Relief

Report on Patient Privacy 22, no. 5 (May, 2022) - Compared to other agencies, the HHS Office for Civil Rights (OCR) is a little fish in the big federal pond, but it has an outsize effect on HIPAA covered entities (CEs) and...more

Health Care Compliance Association (HCCA)

2022 Outlook: More Dangerous Ransomware Coupled With Inadequate Security Practices

Report on Patient Privacy 22, no. 1 (January, 2022) - As the COVID-19 pandemic enters its third year, real “security fatigue” with pandemic-related issues will combine with cybercriminals’ increasingly sophisticated...more

Health Care Compliance Association (HCCA)

Facing Escalating Attacks, AHA Presses OCR to Expedite Security Practices Rule

Report on Patient Privacy 21, no. 12 (December, 2021) - Amid the letters of congratulations to new HHS Office for Civil Rights (OCR) Director Lisa Pino is a plea from the American Hospital Association (AHA): “victims” of...more

Health Care Compliance Association (HCCA)

OCR Investigator: Goal Is to Uncover ‘Root Cause,’ Remedy Harm From Violations

Report on Patient Privacy 21, no. 5 (May 2021) - Given the hundreds of thousands of HIPAA covered entities (CEs) and business associates (BAs) and the two dozen or so enforcement actions the HHS Office for Civil Rights...more

Akin Gump Strauss Hauer & Feld LLP

Pending Proposed Rule Would Make Far-Reaching Changes to HIPAA Privacy Regime

On January 21, 2020, the far-reaching HIPAA Privacy Proposed Rule, initially released on December 10, 2020, was published in the Federal Register. Despite speculation that the publication timeline would be altered when the...more

WilmerHale

Congress Passes Bill to Mitigate Penalties for Potential HIPAA Violations

WilmerHale on

On December 19, the Senate passed H.R.7898, which the House of Representatives had previously passed on December 9. This law amends the Health Information Technology for Economic and Clinical Health (HITECH) Act to require...more

Ballard Spahr LLP

HHS Issues HIPAA Guidance on Contacting Survivors of COVID-19 About Plasma Donation

Ballard Spahr LLP on

The Office of Civil Rights of the U.S. Department of Health and Human Services has issued guidance clarifying how HIPAA’s Privacy Rule permits covered entities (in particular, health care providers and health plans) or their...more

White & Case LLP

COVID-19 and Data Protection Compliance in the US

White & Case LLP on

Irrespective of your industry, the current COVID-19 pandemic poses a new and unique challenge to organizations, their employees, and their customers. The emergence of COVID-19 has prompted organizations to collect and process...more

King & Spalding

HHS Issues Important Notice That It Will Not Enforce Certain Fee Limitations On Individuals' Requests To Transmit Health Records...

King & Spalding on

On January 28, 2020, the Department of Health and Human Services (“HHS”) issued an announcement of financial importance to covered entities and business associates that produce copies of medical records to patients and third...more

Alston & Bird

White Paper on Privacy Issues in Proposed New National Medical Claims Database

Alston & Bird on

Prof. Peter Swire, Elizabeth and Thomas Holder Chair at the Georgia Tech Scheller College of Business and Senior Counsel at Alston & Bird, has published a new white paper on “Possible Privacy, Cybersecurity, and Data Breach...more

Holland & Hart - Health Law Blog

Business Associates’ Use of Information for Their Own Purposes

Business associates may want to use a covered entity’s protected health information (“PHI”) for the business associates’ own purposes, e.g., for their own product development, data aggregation, marketing, etc. However, with...more

Shumaker, Loop & Kendrick, LLP

Client Alert: The Lack of an Adequate HIPAA Security Risk Assessment is a Common and Costly Mistake by Healthcare Providers: What...

Health care providers and others who must comply with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) have specific requirements under the Security Rule to HIPAA when it comes to their mainte-nance...more

Sheppard Mullin Richter & Hampton LLP

Cybersecurity, Inside Jobs, Outside Jobs, and HIPAA

According to a February 12, 2019 Press Release from Protenus, a developer of analytics for patient privacy monitoring and compliance, 15,085,302 patient records were breached in 2018 – a startling number made even more...more

Baker Donelson

More Help for Health Care Organizations: HHS Releases Voluntary Cybersecurity Practices Developed with Industry Input

Baker Donelson on

On Friday, December 28, 2018, the Department of Health and Human Services (HHS) released several documents, including the "Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients," an...more

Sheppard Mullin Richter & Hampton LLP

Company’s Vendor Suffers Breach, No Business Associate Agreement, $500K OCR Settlement

A Florida staffing agency which provides physicians to hospitals and nursing homes, has agreed to a $500,000 settlement with the U.S. Department of Health and Human Services, Office for Civil Rights. The settlement comes...more

Baker Donelson

Changes to the Security Risk Assessment (SRA) Tool Require Attention

Baker Donelson on

The HHS Office of the National Coordinator for Health Information Technology (ONC) and the HHS Office for Civil Rights (OCR) released an updated Security Risk Assessment (SRA) Tool this week. All covered entities and business...more

Jackson Lewis P.C.

Lessons To Be Learned From The Breach Of Nearly 500,000 Individual Health Records Reported In September 2017

Jackson Lewis P.C. on

A recent report indicates that nearly 500,000 individual health records were breached in September 2017. This figure is taken from the 39 healthcare data breaches involving more than 500 records that were reported to the...more

Balch & Bingham LLP

My Entity Just Experienced a Cyber-Attack! What Do We Do Now?

Balch & Bingham LLP on

On June 9, 2017, the U.S. Department of Health and Human Services (HHS), Office of Civil Rights (OCR) released a cyber-attack “Quick Response” checklist (the Checklist) for the benefit of HIPAA covered entities and business...more

Mintz - Health Care Viewpoints

OCR Publishes Checklist and Infographic for Cyber Attack Response

OCR released a simple checklist and infographic last week to assist Covered Entities and Business Associates with responding to potential cyber attacks. As cybersecurity remains a pressing concern for health care entities,...more

Saul Ewing LLP

Failure to Implement Business Associate Agreement Results in $31,000 Settlement For Health Care Provider

Saul Ewing LLP on

On April 20, 2017, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that Children’s Digestive Health (CDH) agreed to pay HHS $31,000 for its failure to have a business associate...more

45 Results
 / 
View per page
Page: of 2

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide