Compliance News - page 20

HIPAA, business associates, and the cloud Baker & Hostetler LLP Kimberly M. Wong

"In order to monitor business associates, post Final Rule, health care industry trend demonstrates that covered entities are adding pre-contract risk/controls assessments, enhancing contractual safeguards and business associate agreements, and adding/enhancing post-contract audits. With liability flowing downstream, covered entities and business associates must complete their due diligence before entering into contracts with vendors who may maintain PHI."


Posted June 28, 2013 by Jack Anderson

HIPAA HITECH: Know how your PHI is Handled

“Under data privacy laws such as HIPAA/HITECH, a company is responsible for how data is handled in the hands of its business associates and vendors,” explain the authors. “An organization must know where all of its data is going and how it is being managed, particularly if it goes to a third party.” 2013 IT Security and Privacy Survey: Knowing How – and Where – Your Confidential Data Is Classified and Managed: A Survey on the Current State of IT Security and Privacy Policies and Practices. http://www.protiviti.com/ITsecuritysurvey


Posted June 23, 2013 by Jack Anderson

HIPAA in the cloud: storing PHI may make you a business associate under HIPAA Winston & Strawn LLP Linda Lemel Hoseman and Liisa M. Thomas



Posted June 19, 2013 by Jack Anderson

Certified HIPAA Business Associate? Maybe

"Now that HHS and Amazon are working together, covered entities should find CSPs more receptive to entering into business associate agreements." Business associate agreements: more readily accepted by cloud service providers? Maybe, Baker & Hostetler LLP, Lynn Sessions and Michael R. Young


Posted June 18, 2013 by Jack Anderson

Think you’re not covered by HIPAA? Think again. Morrison & Foerster LLP, Andrew B. Serwin, Peter F. McLaughlin and Melissa M. Crespo

"This means that the Security Rule, the Breach Notification Rule, and certain provisions of the Privacy Rule now apply directly to Business Associates, with the potential for enforcement by HHS directly against the Business Associate. As a result, Business Associates are now required to conduct a risk analysis to assess the nature and volume of electronic PHI ("ePHI") and the risks of unauthorized use or disclosure of PHI. They must implement administrative, technical, and physical safeguards appropriate to the risks and vulnerabilities identified in the risk analysis."


Posted June 13, 2013 by Jack Anderson

Are Your Vendors Violating HIPAA?

Are Your Vendors Violating HIPAA? Why Internal HIPAA Compliance May Not Be Enough. Written by Holly Carnell, JD, and Meggan Bushee, JD, McGuire Woods | June 04, 2013. Becker's Hospital Review.


Posted June 5, 2013 by Jack Anderson

HIPAA Checklist From Healthcare Law Firm

"Perform ongoing monitoring of compliance with HIPAA privacy and security policies and take corrective actions if you detect non-compliance or ineffective processes." OCR Scrutiny Continues – Are You Ready For the September Deadline?


Posted May 30, 2013 by Jack Anderson

HIPAA Risk Analysis and Ongoing Risk Management Essential

“[A] risk analysis, ongoing risk management, and routine information system reviews are the cornerstones of an effective HIPAA security compliance program.” HHS OCR Director Leon Rodriguez


Posted May 29, 2013 by Jack Anderson

BA Causes HIPAA Data Breach for Presbyterian Anesthesia Associates

More details from Presbyterian Anesthesia Associates breach, Kyle Murphy, PhD | May 15, 2013. "As the Security Breach Reporting Form reveals, the breach occurred on a server used by E-Dreamz, Inc., the Charlotte-based company hired by Presbyterian Anesthesia Associates to operate and maintain its e-commerce service. The medical practice has subsequently switched to a new service provider in the wake of the incidence."


Posted May 15, 2013 by Jack Anderson

Fallout from failing to conduct a HIPAA risk analysis, Epstein Becker Green, Alaap B. Shah

"There are many reasons a healthcare entity dealing with protected health information (“PHI”) should conduct a risk analysis. First and foremost, if conducted properly, a risk analysis should identify PHI-containing systems, assess vulnerabilities of those systems, evaluate and prioritize risks to those systems, and assist in developing mitigation strategies to safeguard the systems. These on-going efforts can help ensure adequate protection of patients’ health information."


Posted May 10, 2013 by Jack Anderson