By Matt Fisher – When the likely inevitable data breach occurs, who is responsible for sending the notice? Does the answer change when a breach is bigger? Does the answer change because a business associate is involved? Understanding ahead of time is informative, especially since the issue has been thrown into the spotlight by the big breach at Change Healthcare.
Read More
By Art Gross – A recent incident involving Arkansas-based MedEvolve serves as a reminder of the consequences that arise from the mishandling of PHI and the importance of healthcare businesses ensuring that they and their business associates are HIPAA compliant.
By Art Gross – The HIPAA Omnibus Rule was established to identify and further outline accountability within the entities of healthcare regarding patient data. To understand the HIPAA Omnibus Rule and how it affects these entities, we need to understand who and what are the “moving parts” that make up the operation.
By Matt Fisher – How is HIPAA enforced? That may be a simple enough question, but it also contains more nuance than may initially be expected. Determining how HIPAA is enforced can depend upon how the term enforcement is viewed and interpreted.
By William O’Toole – To BA or not to BA? When a covered entity contracts with two vendors for interface software between the vendors’ systems each vendor is a business associate of the covered entity, no different than before the interface project.
By Matt Fisher – If an organization is involved in healthcare, whether as a provider, facility, consultant, vendor or in almost any other capacity, it is highly likely that HIPAA applies to internal operations and relationships with other parties.
By Greg Waldstreicher – A decade ago, there was very little noise in the healthcare industry about Business Associate Agreements. In fact, most professionals outside of legal and compliance departments had little knowledge of these important patient data protection directives.
By Chris Apgar – The Office of Civil Rights is in the midst of the latest round of HIPAA audits. If your organization is a business associate (BA) or a covered entity (CE) and it’s not already prepared, you have a challenge facing you.
By D’Arcy Gue – A HIPAA-related bomb hit the healthcare industry this summer. The Office of Civil Rights slapped a landmark penalty on a business associate to the tune of $650,000. This was the first ever penalty on a business associate.