News & Analysis as of

Business Associates Breach Notification Rule Protected Health Information

Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as... more +
Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as business associates have expanded data protection obligations and duties. Essentially, a business associate under HIPAA is a person or entity that performs certain functions or services which necessitates exposure to protected health information on behalf of a covered entity. Typical business associate functions include: claims processing or administration, data analysis, billing, etc.    less -
Holland & Knight LLP

HIPAA Breach Notice Can Be Delegated to Change Healthcare

Holland & Knight LLP on

After months of uncertainty and multiple letters from industry associations advocating on behalf of the healthcare industry with the U.S. Department of Health and Human Service (HHS) Office for Civil Rights (OCR), covered...more

Benesch

Annual Report to Congress on HIPAA Privacy, Security, and Breach Notification Rule Compliance

Benesch on

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) recently published an executive summary (Report) outlining key enforcement activities of the Health Insurance Portability and...more

BakerHostetler

HHS OCR Provides Annual Report to Congress Detailing 2022 Enforcement Activities

BakerHostetler on

On Feb. 16, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published its 2022 Annual Report to Congress. ...more

Venable LLP

Federal Trade Commission and U.S. Department of Health and Human Services Issue Warnings Related to Use of "Online Tracking...

Venable LLP on

The Federal Trade Commission (FTC) and the U.S. Department of Health and Human Services' Office for Civil Rights (OCR) recently published a warning letter that they jointly sent to more than 130 hospital systems and...more

Health Care Compliance Association (HCCA)

OCR Targets Three Dentists in New Enforcement Actions; Nixes Political Use of PHI, Review Backlash

Health Care Compliance Association (HCCA) on

Report on Patient Privacy 22, no. 4 (April, 2022) - By many measures, David Northcutt’s unsuccessful 2018 bid for the Alabama senate was a costly one. Northcutt, a dentist, loaned his campaign $73,000 throughout the...more

Holland & Knight LLP

Important FTC Rules for Health Apps Outside of HIPAA

Holland & Knight LLP on

The Federal Trade Commission (FTC) adopted a policy statement on Sept. 15, 2021, emphasizing that developers of digital health apps, connected devices and other health products have obligations under the Health Breach...more

Foley & Lardner LLP

HIPAA: Failure to Report Breach Costs Hospital $2.175 Million

Foley & Lardner LLP on

One health system recently learned the cost of relying too heavily on the HIPAA Breach Notification Rule’s “low probability of compromise” standard when it failed to notify all affected individuals and report the HIPAA breach...more

Mintz - Health Care Viewpoints

HIPAA Updates: New Guidance for Business Associates and Continued Data Breaches

Mintz - Health Care Viewpoints on

The HHS Office for Civil Rights (OCR) released a new guidance document regarding which HIPAA violations business associates (BAs) can and cannot be held directly liable for. In the guidance, OCR states that BAs can be held...more

Saul Ewing LLP

OCR Clarifies Direct Liability of Business Associates Under HIPAA

Saul Ewing LLP on

On May 24, 2019, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), released a new fact sheet describing 10 ways in which a “business associate” can be liable under HIPAA. ...more

Mintz - Health Care Viewpoints

Another HIPAA Settlement for Failure to Enter Into a BAA

Mintz - Health Care Viewpoints on

Last week, the Office for Civil Rights (OCR) announced that it had reached a settlement with a contract physician group based in Florida to resolve potential HIPAA violations relating to the sharing of protected health...more

BCLP

Healthcare Data Breach Enforcements and Fines

BCLP on

The Department of Health and Human Services’ (“HHS”) Office for Civil Rights (“OCR”) is responsible for enforcing the Privacy and Security Rules of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”)....more

Robinson+Cole Data Privacy + Security Insider

Lessons Learned from Recent OCR HIPAA Audits

Robinson+Cole Data Privacy + Security Insider on

Covered entities, including employer sponsored health plans, should brace for audits and enforcement of the Privacy, Security, and Breach Notification rules by the Department of Health & Human Service Office of Civil Rights...more

Sheppard Mullin Richter & Hampton LLP

A $31,000 Mistake: Failing To Manage Business Associate Agreements Proves Costly For Providers

Sheppard Mullin Richter & Hampton LLP on

The Center for Children’s Digestive Health (CCDH), a small, for-profit pediatric subspecialty practice that operates seven clinics in the Chicago area, has paid the U.S. Department of Health and Human Services, Office for...more

Arnall Golden Gregory LLP

HHS OCR Levies Significant HIPAA Penalties in a Series of Recent Settlements: Covered Entities and Business Associates Alike...

Arnall Golden Gregory LLP on

Between June and November 2016, the Department of Health and Human Services Office of Civil Rights (HHS OCR) has announced seven high-dollar settlements to resolve alleged violations of the HIPAA privacy, security, and breach...more

Foley Hoag LLP - Security, Privacy and the...

More on HIPAA Audits for 2016 and 2017–Desk Audits and On-Site Audits

Foley Hoag LLP - Security, Privacy and the... on

As part of the ongoing HHS OCR HIPAA audit initiative, it is conducting “HIPAA desk audits.” These audits don’t involve auditors coming in your facility. Instead, covered entities are being asked to submit documents on...more

BakerHostetler

Cloud Service Providers Beware, You May Be Subject to HIPAA Without Knowing It

BakerHostetler on

The use of cloud service providers has exploded in the past several years. According to estimates from Gartner, the market for cloud services is expected to reach $204 billion in 2016. But the use of cloud service providers...more

Ballard Spahr LLP

HHS Designates Cloud Service Providers as Business Associates Under HIPAA

Ballard Spahr LLP on

Cloud service providers that process electronic protected health information (ePHI) are business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), even if the PHI is encrypted and the...more

Fisher Phillips

Recent HIPAA Settlements Highlight Importance Of Business Associate Agreements

Fisher Phillips on

Two related healthcare companies were forced to pay settlements with the federal government totaling over $500,000 over allegations relating to a data breach involving patient health information. Much of the negative...more

King & Spalding

HHS-OCR Announces Guidance On HIPAA Compliance And Cloud Computing

King & Spalding on

On October 6, 2016, the Department of Health and Human Services Office for Civil Rights (“OCR”) issued guidance on complying with HIPAA privacy, security, and breach notification rules when using cloud computing technology...more

BCLP

Healthcare Data Breach Enforcements and Fines At A Glance

BCLP on

The Department of Health and Human Services’ (“HHS”) Office for Civil Rights (“OCR”) is responsible for enforcing the Privacy and Security Rules of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”)....more

Davis Wright Tremaine LLP

OCR Sets Sights on Smaller HIPAA Breaches

Davis Wright Tremaine LLP on

Covered entities and business associates can expect increased scrutiny for breaches of unsecured protected health information affecting fewer than 500 individuals. Starting August 2016, the U.S. Department of Health and Human...more

Winstead PC

No HIPAA Hall Pass for Business Associates and Small Breaches

Winstead PC on

Phase 2 Audits of Business Associates: The Department of Health and Human Services, Office for Civil Rights (OCR) is in the process of conducting its phase 2 audits of Covered Entities and Business Associates. “Covered...more

Sheppard Mullin Richter & Hampton LLP

OCR to Focus More Investigative Resources on Smaller HIPAA Breaches with Less Than 500 Individuals Affected

Sheppard Mullin Richter & Hampton LLP on

The Department of Health & Human Services (DHHS) Office of Civil Rights (OCR) recently announced it will devote more resources to investigate smaller HIPAA breaches. Before this announcement, OCR typically opened...more

Alston & Bird

HIPAA Phase 2 Audits: What Has OCR Requested from Auditees to Date?

Alston & Bird on

In our April 8, 2016, advisory, we discussed the U.S. Department of Health and Human Services’ (HHS) Office of Civil Rights (OCR) “Phase 2” audit program. Then, we could only make educated guesses about what documents OCR...more

BCLP

Ransomware May Be a Reportable HIPAA Breach

BCLP on

In 2016, more than 4000 ransomware or other malware attacks are occurring daily, a 300% increase since 2015. There have been reports of six hospitals that have been victims of ransomware in 2016. Ransomware is a type of...more

48 Results
 / 
View per page
Page: of 2
Next »

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide