News & Analysis as of

Business Associates Civil Monetary Penalty Covered Entities

Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as... more +
Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as business associates have expanded data protection obligations and duties. Essentially, a business associate under HIPAA is a person or entity that performs certain functions or services which necessitates exposure to protected health information on behalf of a covered entity. Typical business associate functions include: claims processing or administration, data analysis, billing, etc.    less -
Health Care Compliance Association (HCCA)

Privacy Briefs: May 2024

Health Care Compliance Association (HCCA) on

Kaiser Permanente is notifying 13.4 million current and former members that their personal information may have been compromised when it was transmitted to tech giants Google, Microsoft Bing and X (formerly Twitter) when...more

Holland & Hart LLP

Business Associate Agreements: Requirements and Suggestions

Holland & Hart LLP on

The HIPAA Privacy and Security Rules generally require covered entities (including most healthcare providers) to execute written agreements (“business associate agreements” or “BAAs”) with their business associates before...more

Health Care Compliance Association (HCCA)

OCR: Current Fines Too Low to Spur Compliance; Agency Also Seeks Funding Boost, Injunctive Relief

Health Care Compliance Association (HCCA) on

Report on Patient Privacy 22, no. 5 (May, 2022) - Compared to other agencies, the HHS Office for Civil Rights (OCR) is a little fish in the big federal pond, but it has an outsize effect on HIPAA covered entities (CEs) and...more

Baker Donelson

Office For Civil Rights Seeks Input on Implementation of HITECH Amendments

Baker Donelson on

On April 6, 2022, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released a Request for Information (RFI) seeking public comment on "recognized security practices" and on sharing civil...more

Health Care Compliance Association (HCCA)

Facing Escalating Attacks, AHA Presses OCR to Expedite Security Practices Rule

Health Care Compliance Association (HCCA) on

Report on Patient Privacy 21, no. 12 (December, 2021) - Amid the letters of congratulations to new HHS Office for Civil Rights (OCR) Director Lisa Pino is a plea from the American Hospital Association (AHA): “victims” of...more

Mintz - Privacy & Cybersecurity Viewpoints

A New Decade of HIPAA – What Can We Expect?

Mintz - Privacy & Cybersecurity Viewpoints on

As the decade winds down, it’s hard to believe that the HIPAA Privacy and Security Rules are almost twenty years old. It has been ten years since the U.S. Department of Health and Human Services (HHS) Office for Civil Rights...more

McGuireWoods LLP

HHS Lowers Annual Caps on Most HIPAA CMPs

McGuireWoods LLP on

On April 30, 2019, the United States Department of Health and Human Services (HHS) published a notice of enforcement discretion that lowers most of the annual caps on civil money penalties (CMP). HHS may assess against...more

Arnall Golden Gregory LLP

Good News for Covered Entities and Business Associates: Recent HHS HIPAA Pronouncements Acknowledge Realities and Soften Impact

Arnall Golden Gregory LLP on

In two recent pronouncements, the United States Department of Health and Human Services (HHS) has taken a balanced approach to interpreting the Health Insurance Portability and Accountability Act (HIPAA) regulations that...more

Ballard Spahr LLP

HHS Decreases Maximum HIPAA Penalties

Ballard Spahr LLP on

The Department of Health and Human Services has announced that it is lowering the maximum amount it will assess for most types of HIPAA violations. Although the change is couched as an exercise of discretion, HHS states that...more

Sheppard Mullin Richter & Hampton LLP

Are You a “Hybrid Entity” under the Health Insurance Portability and Accountability Act of 1996? The $4,348,000 Question

Sheppard Mullin Richter & Hampton LLP on

A single, multidisciplinary entity, like a university, may include certain departments that use PHI, and other departments that do not. Such institutions are eligible to (and should) self-identify as “hybrid entities” to...more

Holland & Hart LLP

Minimizing Liability For Business Associate Misconduct

Holland & Hart LLP on

Healthcare providers, health plans and healthcare clearinghouses (“covered entities”) and business associates are subject to significant penalties for violations of the HIPAA Privacy, Security and Breach Notification Rules....more

Perkins Coie

Recent HIPAA Privacy and Security Settlements and Lessons Learned

Perkins Coie on

Although the fate of the Affordable Care Act remains undecided, enforcement of the HIPAA privacy and security regulations by the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services is ongoing,...more

Williams Mullen

2017 HIPAA Enforcement: New Settlements and Penalties Already Total Over $11,000,000

Williams Mullen on

In our last post, we highlighted the 2016 settlements between the Office for Civil Rights (OCR) and various covered entities (and business associates), in one of OCR’s most active years. As of now, 2017 is proving to be on...more

BCLP

How to Avoid Being the Next OCR Target for a HIPAA CMP

BCLP on

In 2016, the Office for Civil Rights (“OCR”) imposed civil monetary penalties (“CMPs”) of over $22.8 million on 12 entities, including a business associate. The most frequent violations of the Health Insurance Portability and...more

Mintz - Health Care Viewpoints

Latest OCR HIPAA Settlement Provides Lessons for Covered Entities

Mintz - Health Care Viewpoints on

Capping off a busy month of HIPAA settlements, on August 4, the Office for Civil Rights (“OCR”) announced a $5.55 million settlement with Advocate Health Care Network (“Advocate”), the largest fully-integrated healthcare...more

Jackson Lewis P.C.

HIPAA and $15 Million in 2016

Jackson Lewis P.C. on

For years, many questioned whether the HIPAA privacy and security rules would be enforced. The agency responsible for enforcement, Health and Human Services’ Office for Civil Rights (OCR), promised it would enforce the rules,...more

Poyner Spruill LLP

First Ever OCR Settlement of Enforcement Action against HIPAA Business Associate Due to PHI Breach

Poyner Spruill LLP on

On June 30, the Office of Civil Rights (OCR) announced the first HIPAA settlement agreement with a business associate. This follows recent settlements with two HIPAA covered entities under HIPAA due, in large part, to the...more

17 Results
 / 
View per page
Page: of 1

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide