News & Analysis as of September 17, 2024

Protected Health Information

+ Follow

Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as business associates have expanded data protection obligations and duties. Essentially, a business associate under HIPAA is a person or entity that performs certain functions or services which necessitates exposure to protected health information on behalf of a covered entity. Typical business associate functions include: claims processing or administration, data analysis, billing, etc. less -

Northern District of Texas Flashes the ‘Blue Lights’ on OCR’s Pixel Guidance

BakerHostetler on 6/28/2024

On June 20, 2024, the Northern District of Texas issued its final order in American Hospital Association, et al. v. Becerra, et al. (AHA), granting the plaintiffs’ (the American Hospital Association, two Texas health systems...more

HHS Updates Its Guidance on Online Tracking Technologies – Controversy Remains

Woods Rogers on 4/29/2024

The U.S. Department of Health and Human Services, Office of Civil Rights (OCR) recently updated its controversial, year-old guidance document on the use of online tracking technologies by healthcare providers and other...more

HIPAA on the Horizon in the New Year: Important Lessons from an Active 2023 and Regulatory Initiatives to Watch for in 2024

Dorsey & Whitney LLP on 1/4/2024

2023 marked 20 years since the first compliance deadline under the Health Insurance Portability and Accountability Act’s (“HIPAA”) privacy rule. Despite the two decades of experience with HIPAA, compliance continues to remain...more

Lawsuit Seeks to Block OCR HIPAA Guidance on Online Tracking Tools

Holland & Knight LLP on 11/8/2023

Hospitals care about patient privacy, but they also have to connect with the public. In the real world, people mostly connect online. Having a fully functional online presence often requires help from third parties. ...more

Federal Trade Commission and U.S. Department of Health and Human Services Issue Warnings Related to Use of "Online Tracking...

Venable LLP on 10/4/2023

The Federal Trade Commission (FTC) and the U.S. Department of Health and Human Services' Office for Civil Rights (OCR) recently published a warning letter that they jointly sent to more than 130 hospital systems and...more

[Virtual Event] Healthcare Enforcement Compliance Conference - November 7th - 9th, 8:55 am - 3:30 pm CST

Health Care Compliance Association (HCCA) on 9/1/2022

Hear directly from the enforcement community - Want to gain insight into properly monitoring, detecting, investigating, and managing violations? Join us virtually at HCCA’s Annual Healthcare Enforcement Compliance...more

Privacy and Healthcare Business Associates with Isabella Porter

Health Care Compliance Association (HCCA) on 4/14/2022

Isabella Porter is the director of compliance and privacy officer of District Medical Group and author of the chapter “Patient Privacy and Security: Business Associates” in the Complete Healthcare Compliance Manual. In this...more

2022 Outlook: More Dangerous Ransomware Coupled With Inadequate Security Practices

Health Care Compliance Association (HCCA) on 1/17/2022

Report on Patient Privacy 22, no. 1 (January, 2022) - As the COVID-19 pandemic enters its third year, real “security fatigue” with pandemic-related issues will combine with cybercriminals’ increasingly sophisticated...more

Nick Culbertson on Compliance Breaches in Healthcare

Health Care Compliance Association (HCCA) on 7/15/2021

Preventing data breaches is a critical task for all businesses these days, but it’s especially so in healthcare. No one wants to see health information disclosed, and the risks of a ransomware attack are enormous, literally...more

[Virtual Event] 2021 25th Annual Compliance Institute - April 19th - 22nd, 9:30 am - 4:35 pm CDT

Health Care Compliance Association (HCCA) on 1/26/2021

The Compliance Institute is celebrating 25 years! Join us for the Compliance Institute's 25th anniversary, April 19-22, 2021. This year, HCCA is excited to celebrate over two decades of compliance excellence with our...more

K&L Gates Triage: HIPAA: Do Hospitals Need a Business Associate Agreement with their Health System Parent Corporation?

K&L Gates LLP on 8/20/2020

In this week’s episode, Rebecca Schaefer and Hannah Maroney discuss a string of recent HIPAA enforcement actions which demonstrate that the HHS Office of Civil Rights (OCR), the agency tasked with enforcing HIPAA, is...more

'Misinterpretation' of Breach Rule, Lack of Internal BAA Cost Hospital Group $2.1M

Health Care Compliance Association (HCCA) on 12/5/2019

Report on Patient Privacy 19, no. 12 (December 2019) - Sentara Hospitals, a nonprofit group of 12 medical centers in Virginia and North Carolina, will implement a fairly minimal two-year corrective action plan (CAP) and...more

Project Nightingale: The Google-Ascension partnership

Health Care Compliance Association (HCCA) on 12/5/2019

ethikos 33, no. 12 (December 2019) - On November 11, the Wall Street Journal reported that Alphabet Inc’s Google had formed a partnership with Ascension, a Catholic chain of 2,600 hospitals, doctors’ offices, and other...more

Report on Patient Privacy Volume 19, Number 11. Privacy Briefs: November 2019

Health Care Compliance Association (HCCA) on 11/12/2019

Report on Patient Privacy Volume 19, Number 11. (November 2019) ? The biggest threat to protected health information comes from carelessness within your organization, according to a brief from the Clearwater...more

Cottage Health Settles with OCR for $3M

Robinson+Cole Data Privacy + Security Insider on 2/12/2019

We previously reported that Cottage Health, a health care entity operating several hospitals in California, settled with the State of California for $2 million for a security incident that occurred in 2013. On February 7,...more

Company’s Vendor Suffers Breach, No Business Associate Agreement, $500K OCR Settlement

Sheppard Mullin Richter & Hampton LLP on 12/21/2018

A Florida staffing agency which provides physicians to hospitals and nursing homes, has agreed to a $500,000 settlement with the U.S. Department of Health and Human Services, Office for Civil Rights. The settlement comes...more

Colorado Hospital Pays $111,400 HIPAA Settlement For Failing To Stop Former Employee From Having Access To Patient Protected...

Tucker Arensberg, P.C. on 12/12/2018

The U.S. Department of Health and Human Services, Office for Civil Rights (“HHS”) just announced an $111,400 settlement and substantial corrective action plan for a Colorado hospital whose former employee still had access to...more

A New FBI Warning for Healthcare Providers

Mintz - Privacy & Cybersecurity Viewpoints on 3/30/2017

The FBI has issued new guidance specifically applicable to medical and dental facilities regarding the cybersecurity risk of File Transfer Protocol (“FTP”) servers operating in “anonymous” mode. FTPs are routinely used to...more

Recent HIPAA Settlements Highlight Importance Of Business Associate Agreements

Fisher Phillips on 11/3/2016

Two related healthcare companies were forced to pay settlements with the federal government totaling over $500,000 over allegations relating to a data breach involving patient health information. Much of the negative...more

Two Additional HIPAA Settlements Demonstrate Breadth of HIPAA Enforcement Activity

Saul Ewing LLP on 4/26/2016

During the week of April 18, 2016, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced two significant settlements with a large New York City hospital and a North Carolina orthopaedic...more

Department of Health and Human Services Cracks Down on Vendor Oversight in Recent Hospital Settlements

Patterson Belknap Webb & Tyler LLP on 4/26/2016

From the rise in ransomware attacks to inadvertent disclosure of information by subcontractors, the health services industry is reminded that a potential consequence of a data breach is the threat of a regulatory enforcement...more

Blog: Hospital and Vendor Reach Agreement to Settle Alleged HIPAA Violations with Connecticut AG

Cooley LLP on 11/16/2015

Last week, the Connecticut Attorney General (the “Connecticut AG”) announced that Hartford Hospital and its subcontractor, EMC Corporation (“EMC”), agreed to settle potential violations of the Health Insurance Portability and...more

Alert: Key Regulatory Considerations for Digital Health Companies

Cooley LLP on 9/11/2015

Digital health is a growing field that promises improved patient education, wellness, engagement, access to care, and outcomes, among other things. However, with these new technologies come unique regulatory concerns that...more

St. Elizabeth’s Medical Center Pays $218,400 to Settle Alleged HIPAA Security Case Stemming from Use of Cloud-Based Document...

Latham & Watkins LLP on 9/2/2015

Alleged HIPAA Violations Resulted from Medical Center’s Failure to Risk Assess Internet-Based Document Sharing Application and Inadequate Breach Response. The US Department of Health and Human Services (HHS) Office for...more

HIPAA and Jason Pierre-Paul’s Medical Chart – Setting the Record Straight

Benesch on 7/10/2015

Last night, ESPN reporter Adam Schefter tweeted a photo of New York Giants defensive end Jason Pierre-Paul’s medical chart, which chart indicated that Pierre Paul had his index finger amputated. The amputation was apparently...more

29 Results

View per page

Page: of 2

Business Associates › Hospitals › Protected Health Information

"My best business intelligence, in one easy email…"