News & Analysis as of

Business Associates Breach Notification Rule Department of Health and Human Services (HHS)

Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as... more +
Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as business associates have expanded data protection obligations and duties. Essentially, a business associate under HIPAA is a person or entity that performs certain functions or services which necessitates exposure to protected health information on behalf of a covered entity. Typical business associate functions include: claims processing or administration, data analysis, billing, etc.    less -
Benesch

Annual Report to Congress on HIPAA Privacy, Security, and Breach Notification Rule Compliance

Benesch on

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) recently published an executive summary (Report) outlining key enforcement activities of the Health Insurance Portability and...more

BakerHostetler

HHS OCR Provides Annual Report to Congress Detailing 2022 Enforcement Activities

BakerHostetler on

On Feb. 16, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published its 2022 Annual Report to Congress. ...more

Venable LLP

Federal Trade Commission and U.S. Department of Health and Human Services Issue Warnings Related to Use of "Online Tracking...

Venable LLP on

The Federal Trade Commission (FTC) and the U.S. Department of Health and Human Services' Office for Civil Rights (OCR) recently published a warning letter that they jointly sent to more than 130 hospital systems and...more

Saul Ewing LLP

OCR Clarifies Direct Liability of Business Associates Under HIPAA

Saul Ewing LLP on

On May 24, 2019, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), released a new fact sheet describing 10 ways in which a “business associate” can be liable under HIPAA. ...more

BCLP

Healthcare Data Breach Enforcements and Fines

BCLP on

The Department of Health and Human Services’ (“HHS”) Office for Civil Rights (“OCR”) is responsible for enforcing the Privacy and Security Rules of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”)....more

Arnall Golden Gregory LLP

HHS OCR Levies Significant HIPAA Penalties in a Series of Recent Settlements: Covered Entities and Business Associates Alike...

Arnall Golden Gregory LLP on

Between June and November 2016, the Department of Health and Human Services Office of Civil Rights (HHS OCR) has announced seven high-dollar settlements to resolve alleged violations of the HIPAA privacy, security, and breach...more

Foley Hoag LLP - Security, Privacy and the...

More on HIPAA Audits for 2016 and 2017–Desk Audits and On-Site Audits

Foley Hoag LLP - Security, Privacy and the... on

As part of the ongoing HHS OCR HIPAA audit initiative, it is conducting “HIPAA desk audits.” These audits don’t involve auditors coming in your facility. Instead, covered entities are being asked to submit documents on...more

BakerHostetler

Cloud Service Providers Beware, You May Be Subject to HIPAA Without Knowing It

BakerHostetler on

The use of cloud service providers has exploded in the past several years. According to estimates from Gartner, the market for cloud services is expected to reach $204 billion in 2016. But the use of cloud service providers...more

Ballard Spahr LLP

HHS Designates Cloud Service Providers as Business Associates Under HIPAA

Ballard Spahr LLP on

Cloud service providers that process electronic protected health information (ePHI) are business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), even if the PHI is encrypted and the...more

King & Spalding

HHS-OCR Announces Guidance On HIPAA Compliance And Cloud Computing

King & Spalding on

On October 6, 2016, the Department of Health and Human Services Office for Civil Rights (“OCR”) issued guidance on complying with HIPAA privacy, security, and breach notification rules when using cloud computing technology...more

Bradley Arant Boult Cummings LLP

Taking Measure of HIPAA Enforcement

Bradley Arant Boult Cummings LLP on

Last month, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced the largest settlement to date for alleged violations of the Health Insurance Portability and Accountability Act (HIPAA)....more

Davis Wright Tremaine LLP

OCR Sets Sights on Smaller HIPAA Breaches

Davis Wright Tremaine LLP on

Covered entities and business associates can expect increased scrutiny for breaches of unsecured protected health information affecting fewer than 500 individuals. Starting August 2016, the U.S. Department of Health and Human...more

Sheppard Mullin Richter & Hampton LLP

OCR to Focus More Investigative Resources on Smaller HIPAA Breaches with Less Than 500 Individuals Affected

Sheppard Mullin Richter & Hampton LLP on

The Department of Health & Human Services (DHHS) Office of Civil Rights (OCR) recently announced it will devote more resources to investigate smaller HIPAA breaches. Before this announcement, OCR typically opened...more

Alston & Bird

HIPAA Phase 2 Audits: What Has OCR Requested from Auditees to Date?

Alston & Bird on

In our April 8, 2016, advisory, we discussed the U.S. Department of Health and Human Services’ (HHS) Office of Civil Rights (OCR) “Phase 2” audit program. Then, we could only make educated guesses about what documents OCR...more

McDermott Will & Emery

Guidance on Ransomware Attacks under HIPAA and State Data Breach Notification Laws

McDermott Will & Emery on

The US Department of Health and Human Services (HHS) has recently issued guidance under the Health Insurance Portability and Accountability Act (HIPAA) on what covered entities and business associates can do to prevent and...more

Kilpatrick

Largest Health & Human Services HIPAA Settlement Wake-Up Call for Covered Entities to Evaluate and Mitigate Risks

Kilpatrick on

On Thursday, August 4, 2016, the U.S. Department of Health & Human Services, Office of Civil Rights (OCR) announced the largest settlement ever with a single entity for multiple potential Health Insurance Portability and...more

Foley Hoag LLP - Security, Privacy and the...

HHS OCR Guidance on Ransomware Attacks: They Constitute a “Security Incident” and Are Likely a Data Breach

Foley Hoag LLP - Security, Privacy and the... on

On July 11, 2016, the HHS Office of Civil Rights (OCR) released guidance on HIPAA covered entities’ responsibilities in a ransomware attack, a type of cyber-attack that has targeted the health care sector extensively in...more

Baker Donelson

Ransomware Attack is a Breach – Unless You Can Prove Otherwise

Baker Donelson on

Ransomware is the fastest growing malware threat in the United States, targeting simple home computers to elaborate corporate IT networks. The Federal Bureau of Investigation recently reported an increase in ransomware...more

Laner Muchin, Ltd.

Regulatory Authorities Launch The Second Phase Of The HIPAA Compliance Audit Program

Laner Muchin, Ltd. on

As a part of its continued efforts to assess compliance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules, the Health and Human Services (HHS) Office for...more

Miller & Martin PLLC

The Long Anticipated HIPAA Audits Are Here!

Miller & Martin PLLC on

Phase 2 HIPAA Audits, which the Department of Health and Human Services' Office of Civil Rights ("OCR") announced had "launched" back in March of this year, have now officially begun. On Monday, July 11, 2016, the first round...more

Morgan Lewis

OCR Begins HIPAA Phase 2 Audits

Morgan Lewis on

What covered entities and business associates can do to prepare for the next round of audits. On July 11, the HIPAA Phase 2 audits commenced when 167 covered entities received notice of a desk audit from the Department...more

Parker Poe Adams & Bernstein LLP

Entity Fined $650,000 in First HIPAA Settlement with a Business Associate

Parker Poe Adams & Bernstein LLP on

The possibility of business associates potentially being audited, investigated, and ultimately fined is now a reality. On June 24, 2016, the United States Department of Health and Human Services’ Office of Civil Rights...more

Alston & Bird

Employee Benefits & Executive Compensation Advisory: So You Heard About HIPAA Phase 2 Audits. What Should You Do Now?

Alston & Bird on

As you may have recently read (for example, “HHS/OCR Announces Launch of HIPAA Audit Program Phase 2”), the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has started “Phase 2” of its audit...more

King & Spalding

OIG Reports Insufficient Oversight Of HIPAA Compliance

King & Spalding on

The HHS Office for Civil Rights (OCR) must improve its oversight and enforcement of patient information privacy and security rules by “covered entities” and their business associates under the Health Information Portability...more

Orrick, Herrington & Sutcliffe LLP

Don’t Wait for It; Recent HIPAA Enforcement Action Signal More to Come in Phase 2 Audits

Orrick, Herrington & Sutcliffe LLP on

Officials at the U.S. Department of Health and Human Services Office of Civil Rights (HHS OCR) have recently selected a vendor to conduct the second wave of HIPAA audits. These so-called “Phase 2 Audits” are set to commence...more

26 Results
 / 
View per page
Page: of 2
Next »

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide