News & Analysis as of September 17, 2024

Department of Health and Human Services (HHS)

+ Follow

Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as business associates have expanded data protection obligations and duties. Essentially, a business associate under HIPAA is a person or entity that performs certain functions or services which necessitates exposure to protected health information on behalf of a covered entity. Typical business associate functions include: claims processing or administration, data analysis, billing, etc. less -

HHS Issues Model Attestation Required by Final HIPAA Regulations Supporting Reproductive Health Care Privacy

Verrill on 8/1/2024

On April 26, 2024, the U.S. Department of Health and Human Services (HHS) and Office for Civil Rights (OCR) published Final Regulations under HIPAA’s Privacy Rule introducing greater protections for information related to...more

HHS Publishes Final Rule to Support Reproductive Health Care Privacy

Epstein Becker & Green on 5/23/2024

The Supreme Court’s 2022 decision in Dobbs v. Jackson Women’s Health Organization to eliminate the federal constitutional right to abortion continues to alter the legal landscape across the country. On April 26, 2024, the...more

‘I Will Not Rest’; ‘I Am All In’: Remarkable Breach Hearing Sees Pledges by UHG CEO, Sen. Wyden

Health Care Compliance Association (HCCA) on 5/13/2024

United Healthcare Group (UHG) CEO Andrew Witty was in a board meeting on Feb. 21 when officials interrupted with the news that Change Healthcare—a clearinghouse UHG subsidiary Optum had purchased for $1.3 billion in October...more

Privacy Briefs: May 2024

Health Care Compliance Association (HCCA) on 5/13/2024

Kaiser Permanente is notifying 13.4 million current and former members that their personal information may have been compromised when it was transmitted to tech giants Google, Microsoft Bing and X (formerly Twitter) when...more

HHS Updates Its Guidance on Online Tracking Technologies – Controversy Remains

Woods Rogers on 4/29/2024

The U.S. Department of Health and Human Services, Office of Civil Rights (OCR) recently updated its controversial, year-old guidance document on the use of online tracking technologies by healthcare providers and other...more

Business Associate Victim of Ransomware Attack Pays $100,000 to HHS OCR

Brooks Pierce on 12/6/2023

Is your organization a business associate? You could be subject to enforcement action if you fail to protect health information within your control from ransomware attacks. In October, for the first time, the U.S....more

OCR Alerts Listservs About Fake Phishing Email to Covered Entities and Business Associates

Robinson+Cole Data Privacy + Security Insider on 12/2/2016

On November 28, 2016, the Office for Civil Rights (OCR) issued an Alert to its listservs that a phishing email is being circulated on “mock HHS Departmental letterhead under the signature of OCR”s Director, Jocelyn Samuels”...more

HHS Publishes New Guidance on HIPAA and Cloud Computing

Stinson LLP on 10/27/2016

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has issued a new guidance regarding HIPAA compliance and the use of cloud computing solutions. The guidance is intended to assist covered entities...more

GAO Study Slams HHS For Lack of Guidance to Covered Entities

Robinson+Cole Data Privacy + Security Insider on 10/10/2016

We watch closely for any guidance to HIPAA covered entities and business associates from the Department of Health and Human Services Office for Civil Rights (HHS/OCR). Why? Because there is so little of it. Lately, the only...more

HIPAA News: HHS Getting Tough On ePHI Data Breaches

Snell & Wilmer on 8/8/2016

On August 4, 2016, the U.S. Department of Health and Human Services, Office of Civil Rights (OCR) announced a record-setting settlement with Advocate Health Care Network (Advocate) for multiple potential violations of HIPAA...more

Is Your HIPAA Compliance Program Ready for the FTC?

Womble Bond Dickinson on 10/12/2015

Everyone in healthcare knows that the next round of HIPAA audits is coming. Covered entities and business associates have long been advised to review and update their HIPAA security risk analyses, have business associate...more

Get Your Questions Ready

Faegre Drinker Biddle & Reath LLP on 10/7/2015

A lot has changed since the HIPAA Privacy Rule was finalized in 2002 and the HIPAA Security Rule was finalized a year later in 2003. The iPhone had not been released (that happened in 2007), Apple had just released the...more

Don’t Wait for It; Recent HIPAA Enforcement Action Signal More to Come in Phase 2 Audits

Orrick, Herrington & Sutcliffe LLP on 9/21/2015

Officials at the U.S. Department of Health and Human Services Office of Civil Rights (HHS OCR) have recently selected a vendor to conduct the second wave of HIPAA audits. These so-called “Phase 2 Audits” are set to commence...more

Health Update - November 2014

Manatt, Phelps & Phillips, LLP on 11/21/2014

“Healthcare-Related” Calls: Ambiguity at the Intersection of HIPAA and TCPA - Editor’s Note: The Federal Communications Commission (FCC) has established exemptions from certain requirements of the Telephone Consumer...more

Free HIPAA Help

Holland & Knight LLP on 4/15/2014

Health care providers, health plans, business associates, and other entities affected by the federal HIPAA privacy and security regulations are quickly running out of excuses for not having a robust HIPAA compliance program...more

Monthly Benefits Update - September 2013

Franczek P.C. on 10/3/2013

Health & Welfare Plans - Health Care Reform: FAQ Part XVI Addresses Insurance Exchange Notice and 90-Day Waiting Period Requirement. The Treasury, the Department of Labor and the Department of Health and Human...more

Cloud Storage Providers Storing Protected Health Information May Be Obligated to Comply with HIPAA Regulations

Wilson Sonsini Goodrich & Rosati on 4/17/2013

A recently issued government rule may unknowingly create significant liability and legal risk for many technology enterprises. The expanded definition of "business associates" and related interpretations by the Department of...more

The HIPAA/HITECH Final Rule has arrived!

Sands Anderson PC on 4/9/2013

If you are a health care provider and/or someone who routinely performs work involving patient health information on behalf of a health care provider, you likely need to know about the HIPAA/HITECH Final Rule....more

Burr Alert: Employer Obligations Under New HIPAA Rules

Burr & Forman on 3/26/2013

With all of the attention garnered by healthcare reform, it would be easy to overlook the new HIPAA rules (the "Rules") applicable to covered entities under HIPAA, which include employer group health plans. Compliance with...more

New HIPAA Regulations Require Action by Group Health Plans

McDermott Will & Emery on 3/8/2013

Final HIPAA privacy and security regulations issued by the U.S. Department of Health and Human services will require action by group health plan sponsors by September 2013....more

A Detailed Analysis of Changes to HIPAA and the Implications for Healthcare Providers and Others in the Healthcare Industry: HIPAA...

Womble Bond Dickinson on 2/6/2013

Changes to the HIPAA Enforcement Rule - Background: On October 30, 2009, HHS issued an interim final rule revising the Enforcement Rule to incorporate provisions of the HITECH Act. The NPRM then proposed a number of...more

21 Results

View per page

Page: of 1

Business Associates › Healthcare › Department of Health and Human Services (HHS)

"My best business intelligence, in one easy email…"