News & Analysis as of September 17, 2024

Protected Health Information

+ Follow

Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as business associates have expanded data protection obligations and duties. Essentially, a business associate under HIPAA is a person or entity that performs certain functions or services which necessitates exposure to protected health information on behalf of a covered entity. Typical business associate functions include: claims processing or administration, data analysis, billing, etc. less -

[Event] Healthcare Privacy Compliance Academy - December 9th - 12th, San Diego, CA

Health Care Compliance Association (HCCA) on 9/11/2024

HCCA's Healthcare Privacy Compliance Academy is a three-and-a-half-day interactive education program with a focus on the vast body of privacy laws and regulations in place to help you protect PHI and other critical data. Our...more

[Event] Healthcare Privacy Compliance Academy - November 18th - 21st, Boston, MA

Health Care Compliance Association (HCCA) on 8/30/2024

What HIPAA Security Rule Surprises Await Healthcare Providers for the Second Half of 2024?

Holland & Knight LLP on 5/14/2024

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has, as part of its mandate, the responsibility to enforce the Health Insurance Portability and Accountability Act (HIPAA) Security Rule....more

Introduction to HIPAA Compliance Considerations for Health Care Providers

Smith Anderson on 3/27/2024

Data privacy and security are a rapidly expanding area of regulatory activity and patient attention. For most health care providers, central data privacy and security legal obligations flow from the federal Health Insurance...more

[Event] Healthcare Privacy Compliance Academy - July 15th - 18th, Charlotte, NC

Health Care Compliance Association (HCCA) on 3/13/2024

Ideal for professionals with some compliance knowledge and experience, HCCA’s Healthcare Privacy Compliance Academy offers practitioners a deeper understanding of effective compliance management in a healthcare setting. The...more

2022 Outlook: More Dangerous Ransomware Coupled With Inadequate Security Practices

Health Care Compliance Association (HCCA) on 1/17/2022

Report on Patient Privacy 22, no. 1 (January, 2022) - As the COVID-19 pandemic enters its third year, real “security fatigue” with pandemic-related issues will combine with cybercriminals’ increasingly sophisticated...more

DOJ Announces New Initiative to Use False Claims Act to Enforce Compliance with Data Privacy and Security Laws and Contract...

Goodwin on 12/7/2021

The Department of Justice recently announced the launch of its new Civil Cyber-Fraud Initiative (the “Initiative”) which intends to use the False Claims Act to pursue “cybersecurity-related fraud by government contractors and...more

4 Ways to Protect ePHI Beyond HIPAA Compliance

NAVEX on 8/14/2020

Given the choice between credit card data and digital health records, cybercriminals prefer the latter. A stolen credit card can be canceled. Electronic protected health information (ePHI) with its treasure-trove of...more

HIPAA Enforcement Update (January 1 –December 11, 2018)

Locke Lord LLP on 1/21/2019

Throughout 2018, the Department of Health and Human Services, Office for Civil Rights (OCR) has announced seven settlement agreements and one civil monetary penalty to resolve allegations of Health Insurance Portability and...more

Is Your E-PHI Secure? ONC And OCR Update HIPAA Security Risk Assessment Tool

Jackson Lewis P.C. on 10/30/2018

October 2018 marks the 15th annual National Cyber Security Awareness Month. In honor of this occasion, the Office of the National Coordinator for Health Information Technology (ONC) and the HHS Office for Civil Rights (OCR)...more

Five Frequently Overlooked Mistakes in HIPAA Compliance

Poyner Spruill LLP on 7/24/2018

HIPAA was enacted in 1996. In the years since, most healthcare entities have adapted to the major requirements imposed by HIPAA, HITECH, and the Privacy and Security Rules. Nevertheless, the thicket of regulations still...more

Healthcare Advisory: HHS Announces First Settlement with a Wireless Health Services Provider

Sherman & Howard L.L.C. on 4/26/2017

On April 24, 2017, the Department of Health and Human Services, Office of Civil Rights (“OCR”), announced its first settlement with a wireless health services provider, CardioNet, Inc., for alleged violations of the Health...more

HHS OCR Levies Significant HIPAA Penalties in a Series of Recent Settlements: Covered Entities and Business Associates Alike...

Arnall Golden Gregory LLP on 12/15/2016

Between June and November 2016, the Department of Health and Human Services Office of Civil Rights (HHS OCR) has announced seven high-dollar settlements to resolve alleged violations of the HIPAA privacy, security, and breach...more

OCR Stresses Importance of Authentication in Newsletter

Robinson+Cole Data Privacy + Security Insider on 11/21/2016

In a recent newsletter, the Office for Civil Rights (OCR) encourages health care organizations to review their procedures around authentication and “ensure that they have the appropriate safeguards in place.”...more

HHS Designates Cloud Service Providers as Business Associates Under HIPAA

Ballard Spahr LLP on 11/7/2016

Cloud service providers that process electronic protected health information (ePHI) are business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), even if the PHI is encrypted and the...more

Latest OCR HIPAA Settlement Provides Lessons for Covered Entities

Mintz - Health Care Viewpoints on 8/11/2016

Capping off a busy month of HIPAA settlements, on August 4, the Office for Civil Rights (“OCR”) announced a $5.55 million settlement with Advocate Health Care Network (“Advocate”), the largest fully-integrated healthcare...more

Client Alert: The Government Enters into Largest HIPAA Settlement to Date; What HIPAA Covered Entities and Business Associates...

Shumaker, Loop & Kendrick, LLP on 8/10/2016

Advocate Health Care Network, which operates 12 hospitals and more than 200 other treatment centers in Chicago and central Illinois, has agreed to the largest settlement to date with the Office for Civil Rights (“OCR”) for...more

OCR Releases Updated HIPAA Audit Protocol and Business Associate Listing Template

Foley & Lardner LLP on 4/26/2016

The Office of Civil Rights (OCR) recently updated the audit protocol that it will be using to assess Covered Entities’ and Business Associate’s compliance with the Health Insurance Portability and Accountability Act (HIPAA)...more

Next Phase of HHS Office for Civil Rights HIPAA Audits

Winstead PC on 3/29/2016

On March 21, 2016, the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) announced that it has begun its phase 2 Health Insurance Portability and Accountability Act (“HIPAA”) audit program. In...more

Don’t Neglect Your Business Associate Agreements!

Mintz - Health Care Viewpoints on 3/18/2016

As we have repeatedly emphasized on this blog, HIPAA Covered Entities must ensure that they have compliant business associate agreements (“BAAs”) in place with all of their business associates and must ensure that they have...more

Top Five Resolutions for Covered Entities and Business Associates in 2015

Obermayer Rebmann Maxwell & Hippel LLP on 1/6/2015

The New Year is here. It is time to make those 2015 resolutions, and not just those for getting fit and healthy. Resolve now to improve your organization’s compliance with the Health Insurance Portability and Accountability...more

HIPAA Settlement Underscores the Vulnerability of Unpatched and Unsupported Software

Baker Donelson on 12/11/2014

The title of this alert, which comes straight from the Department of Health and Human Services Office for Civil Rights' (OCR) announcement of its most recent settlement, again underscores the critical need for covered...more

Legal Alert: Final HIPAA Regulations Released: Time To Review Your HIPAA Policies?

FordHarrison on 2/19/2013

The U.S. Department of Health and Human Services ("HHS") recently released long-awaited final HIPAA Regulations. The new regulations finalize many changes previously proposed to the Privacy, Security, and Enforcement Rules,...more

The New HIPAA Omnibus Rule & Your Liability — A Detailed Review

Mintz - Privacy & Cybersecurity Viewpoints on 2/18/2013

As we have reported in this blog, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently released final regulations containing modifications to the HIPAA Privacy, Security, Enforcement, and...more

A Detailed Analysis of Changes to HIPAA and the Implications for Healthcare Providers and Others in the Healthcare Industry: HIPAA...

Womble Bond Dickinson on 2/7/2013

Changes to the HIPAA Breach Notification Rule - Background: The HITECH Act required Covered Entities to notify individuals, HHS, and in some cases, the media, of a Breach of Unsecured PHI. A Business Associate is...more

27 Results

View per page

Page: of 2

Business Associates › Risk Assessment › Protected Health Information

"My best business intelligence, in one easy email…"