News & Analysis as of

Business Associates HIPAA Breach

Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as... more +
Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as business associates have expanded data protection obligations and duties. Essentially, a business associate under HIPAA is a person or entity that performs certain functions or services which necessitates exposure to protected health information on behalf of a covered entity. Typical business associate functions include: claims processing or administration, data analysis, billing, etc.    less -
Health Care Compliance Association (HCCA)

[Event] Healthcare Privacy Compliance Academy - December 9th - 12th, San Diego, CA

Health Care Compliance Association (HCCA) on

HCCA's Healthcare Privacy Compliance Academy is a three-and-a-half-day interactive education program with a focus on the vast body of privacy laws and regulations in place to help you protect PHI and other critical data. Our...more

Health Care Compliance Association (HCCA)

[Event] Healthcare Privacy Compliance Academy - November 18th - 21st, Boston, MA

Health Care Compliance Association (HCCA) on

HCCA's Healthcare Privacy Compliance Academy is a three-and-a-half-day interactive education program with a focus on the vast body of privacy laws and regulations in place to help you protect PHI and other critical data. Our...more

Holland & Knight LLP

HIPAA Breach Notice Can Be Delegated to Change Healthcare

Holland & Knight LLP on

After months of uncertainty and multiple letters from industry associations advocating on behalf of the healthcare industry with the U.S. Department of Health and Human Service (HHS) Office for Civil Rights (OCR), covered...more

Rivkin Radler LLP

[Webinar] Lunch and Learn Series: Conducting HIPAA Breach Assessments and Disclosures: Requirements and Tips for Success - June...

Rivkin Radler LLP on

On Thursday, June 13, the next installment of Rivkin Radler’s Healthcare Compliance Lunch & Learn series, will be presented by Rivkin Radler Partner Ashley Algazi and moderated by Robert Hussar. The program, “Conducting HIPAA...more

Dorsey & Whitney LLP

HHS OCR Settles HIPAA Investigation with Business Associate for $350,000

Dorsey & Whitney LLP on

Over the past decade, the number of health care data breaches reported to the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) has increased dramatically. From 2009 to 2022, over 5,000 data...more

Dorsey & Whitney LLP

FTC Takes First Enforcement Action for Violation of the Health Breach Notification Rule - A Federal Health Privacy Rule Beyond...

Dorsey & Whitney LLP on

On February 1, 2023, the Federal Trade Commission (FTC) filed a complaint in the U.S. District Court for the Northern District of California alleging that digital health platform GoodRx violated the FTC Act by repeatedly...more

Rivkin Radler LLP

[Webinar] Lunch and Learn Series: Conducting HIPAA Breach Assessments and Disclosures: Requirements and Tips for Success -...

Rivkin Radler LLP on

Please join us as Rivkin Radler Associate Ashley Algazi presents the September Lunch and Learn. The program will: - Review HIPAA breach definition - Discuss the analysis and investigation process to determine if a...more

Health Care Compliance Association (HCCA)

Still Missing a New Leader, Former OCR Directors, Experts Offer Advice, Task List

Health Care Compliance Association (HCCA) on

Issue a final rule revising the privacy regulation and write guidance on the information blocking rule. Formalize the fledgling audit program required by Congress more than 10 years ago. Engage with providers and other...more

K&L Gates LLP

K&L Gates Triage: HIPAA: Do Hospitals Need a Business Associate Agreement with their Health System Parent Corporation?

K&L Gates LLP on

In this week’s episode, Rebecca Schaefer and Hannah Maroney discuss a string of recent HIPAA enforcement actions which demonstrate that the HHS Office of Civil Rights (OCR), the agency tasked with enforcing HIPAA, is...more

Health Care Compliance Association (HCCA)

Payment Dispute Triggered First 2020 OCR Settlement

Health Care Compliance Association (HCCA) on

Report on Patient Privacy 20, no. 3 (March 2020) - A gastroenterologist in Utah who felt he was being held captive by an electronic health record (EHR) vendor found his 2013 complaint to the HHS Office for Civil Rights...more

Arnall Golden Gregory LLP

No Good Deed Goes Unpunished: Reporting Business Associate’s HIPAA Breach Results in Liability for Covered Entity

Arnall Golden Gregory LLP on

A recent Resolution Agreement between a solo practitioner physician practice and the U.S. Department of Health and Human Services Office for Civil Rights (OCR) reveals how complying with HIPAA by reporting a business...more

Health Care Compliance Association (HCCA)

Under New Settlement, Ambulance Co. Pays OCR $65K, Must Quickly Encrypt Computers

Health Care Compliance Association (HCCA) on

Report on Patient Privacy 20, no. 1 (January 2020) - In the waning days of 2019, the HHS Office for Civil Rights (OCR) didn’t halt the HIPAA enforcement momentum it had built up during the last quarter of the year, dinging...more

Health Care Compliance Association (HCCA)

'Misinterpretation' of Breach Rule, Lack of Internal BAA Cost Hospital Group $2.1M

Health Care Compliance Association (HCCA) on

Report on Patient Privacy 19, no. 12 (December 2019) - Sentara Hospitals, a nonprofit group of 12 medical centers in Virginia and North Carolina, will implement a fairly minimal two-year corrective action plan (CAP) and...more

Ballard Spahr LLP

HIPAA Guidance and Enforcement: A New Alignment?

Ballard Spahr LLP on

The Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) announced that it has entered into a settlement with a business associate that provides electronic medical records services to health...more

Ballard Spahr LLP

A Modest HIPAA Settlement

Ballard Spahr LLP on

The Office of Civil Rights of the Department of Health and Human Services (OCR) announced that it has entered into a settlement with a business associate that provides electronic medical records services to health care...more

Bricker Graydon LLP

HHS publishes fact sheet on direct liability of business associates under HIPAA

Bricker Graydon LLP on

On May 24, 2019, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued a new fact sheet providing a compilation of all provisions through which a business associate may be held directly...more

Robinson+Cole Data Privacy + Security Insider

Privacy Tip #191 – Trying to Protect Your Medical Information—Let’s Ask Questions About Data Security

Robinson+Cole Data Privacy + Security Insider on

In the top three of the list of highly sensitive personal data to be concerned about is our medical information. It’s so sensitive because it is so personal. It used to be that our medical information was located in paper...more

Holland & Hart - Health Law Blog

HHS Reduces the Annual Cap for Most HIPAA Penalties

Holland & Hart - Health Law Blog on

HIPAA penalties vary depending on the type of conduct involved. (45 CFR § 160.404). Under HHS’s prior interpretation, the types of violations were all subject to an annual maximum penalty of $1,500,000 for identical types of...more

Sheppard Mullin Richter & Hampton LLP

Cybersecurity, Inside Jobs, Outside Jobs, and HIPAA

Sheppard Mullin Richter & Hampton LLP on

According to a February 12, 2019 Press Release from Protenus, a developer of analytics for patient privacy monitoring and compliance, 15,085,302 patient records were breached in 2018 – a startling number made even more...more

Jackson Lewis P.C.

A Trio Of OCR HIPAA Breach Resolutions: Is Your Organization HIPAA Compliant?

Jackson Lewis P.C. on

Over the past thirty days, the Office for Civil Rights (“OCR”) has reached three HIPAA breach resolutions, signaling to organizations that are covered entities and business associates under HIPAA, the importance of...more

Mintz - Health Care Viewpoints

HIPAA Penalties For Failure to Cut Off Access To Former Employee

Mintz - Health Care Viewpoints on

It has been a busy few weeks for HIPAA enforcement. On Tuesday, the Office for Civil Rights announced its third resolution of a HIPAA breach in as many weeks. In this latest matter, OCR announced that Pagosa Springs Medical...more

Mintz - Health Care Viewpoints

Another HIPAA Settlement for Failure to Enter Into a BAA

Mintz - Health Care Viewpoints on

Last week, the Office for Civil Rights (OCR) announced that it had reached a settlement with a contract physician group based in Florida to resolve potential HIPAA violations relating to the sharing of protected health...more

Robinson+Cole Data Privacy + Security Insider

Lessons Learned from Recent OCR HIPAA Audits

Robinson+Cole Data Privacy + Security Insider on

Covered entities, including employer sponsored health plans, should brace for audits and enforcement of the Privacy, Security, and Breach Notification rules by the Department of Health & Human Service Office of Civil Rights...more

Robinson+Cole Data Privacy + Security Insider

OCR Warns Health Care Industry of Risks with Previous Employees

Robinson+Cole Data Privacy + Security Insider on

In its November newsletter, the Office for Civil Rights (OCR) made a great point that we are seeing in the industry—the risks associated with previous employees. According to its newsletter, entitled “Insider Threats and...more

Robinson+Cole Data Privacy + Security Insider

Business Associate Resold Fax Machine Containing PHI

Robinson+Cole Data Privacy + Security Insider on

Fax machines are still used in the medical community, and these days, faxing may be more secure than emailing as hackers have not yet cracked the task of hacking into old fax machines. All kidding aside, fax machines have...more

66 Results
 / 
View per page
Page: of 3
Next »

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide