Compliance News - page 21

Business Associates are now required to do a HIPAA risk assessment and remediate the risk.

**Key compliance actions for the new HIPAA privacy regulations** , Epstein Becker Green, Leah A. Roffman, Pamela D. Tyner and Patricia M. Wagner "In order to meet their responsibilities, business associates are now required to perform risk analyses. Such risk analyses must be accurate and thorough assessments of potential risks and vulnerabilities to the confidentiality, integrity, and availability of the electronic PHI that the business associate creates, receives, maintains, or transmits. The Security Rule also compels corrective actions to minimize any identified risks and vulnerabilities."

Finish Reading…

Posted May 9, 2013 by Jack Anderson

What your business needs to do about HIPAA—now Venable LLP Thora A. Johnson , Peter P. Parvis, Jennifer Spiegel Berman , Molly E. G. Ferraioli and Jessica E. Kuester

What your business needs to do about HIPAA—now, Venable LLP, Thora A. Johnson , Peter P. Parvis, Jennifer Spiegel Berman , Molly E. G. Ferraioli and Jessica E. Kuester ####

Finish Reading…

Posted May 7, 2013 by Jack Anderson

Get Set: New HIPAA has Teeth

“Providers should identify all of their vendors with access to personal health records and ensure they are protecting it according to the new HIPAA rule.” Jorge Rey, an associate principal and the director of information security and compliance for Kaufman, Rossin

Finish Reading…

Posted April 18, 2013 by Jack Anderson

HIPAA HITECH Business Associate Agreements

Business Associate agreements must contain provisions for compliance with the Security Rule and probably the Privacy Rule as well and they must require that the business associate have BAAs with their sub-contractors, says Drinker Biddle & Reath LLP, in an article titled "Business associate provisions under HIPAA Omnibus Rule."

Finish Reading…

Posted April 18, 2013 by Jack Anderson

CEs: Make Sure Your Business Associates Are HIPAA Compliant

New HIPAA rule will bring more enforcement action, expert says, Diana Manos is Senior Editor for Healthcare IT News, “Providers should identify all of their vendors with access to personal health records and ensure they are protecting it according to the new HIPAA rule.”Jorge Rey, an associate principal and the director of information security and compliance for Kaufman, Rossin,

Finish Reading…

Posted March 27, 2013 by Jack Anderson

Employee Benefit Plans Need to Check Business Associate HIPAA Compliance

Plan sponsors should note that the Omnibus Rule expands the definition of business associate and those parties subject to HIPAA’s Privacy and Security Rules and applies HIPAA’s civil and criminal penalties directly to business associates. Under the Omnibus Rule, business associates, including subcontractors of business associates, are directly liable for compliance with the Privacy and Security Rules if they create, receive, maintain or transmit PHI on behalf of the company or the plan. Such business associates for group health plans may include: Brokers; Consultants; Attorneys, Third-party administrators; and Health information organizations, e-prescribing gateways and other entities that transmit protected health information or access PHI.

Finish Reading…

Posted March 7, 2013 by Jack Anderson

Business Associate HIPAA Compliance

"Of greatest significance to Business Associates is the requirement to implement administrative, physical, and technical safeguards to comply with the HIPAA Security Regulations as if they were Covered Entities." **Business associate HIPAA compliance** , Lathrop & Gage LLP, Stacy N. Harper

Finish Reading…

Posted February 25, 2013 by Jack Anderson

BA Tracker Helps Covered Entities and Business Associates with HIPAA HITECH Compliance

Covered entities need "satisfactory assurances" that their business associates are HIPAA HITECH compliant and business associate need to be able to provide proof of on-going compliance. BA Tracker helps both.

Finish Reading…

Posted February 22, 2013 by Jack Anderson

Business Associate Size Matters for HIPAA HITECH

HIPAA allows the Business Associate to take into account their size and complexity when deciding how to comply with the Security Rule. "For instance, in deciding which security measures to implement, a BA may take into consideration its size, capabilities, the costs of the specific security measures, and the operational impact. BAs should note that as part of their compliance with the administrative safeguards, BAs must perform their own risk analyses, establish a risk management program, and designate a security officer, as well as have in place written policies and procedures, conduct employee training, and document compliance with the requirements."Changes affecting who is a business associate and new business associate obligations." Polsinelli Shughart PC, Thomas P. O'Donnell, Erin Fleming Dunlap, Rebecca L. Frigy and Matthew J. Murer

Finish Reading…

Posted February 20, 2013 by Jack Anderson

CEs: Beware Your Business Associates

The owners of a medical billing practice, a business associate, and four pathology groups, covered entities whose patient information was all improperly disposed, will collectively pay $140,000 to settle the claims. The settlement agreement requires each pathology group to vet all business associates, ensuring they have a written information security plan and the practices described are sufficient to comply with the groups’ obligations to protect personal information and PHI. The groups must also execute business associate agreements before disclosing any PI or PHI to service providers.

Finish Reading…

Posted February 13, 2013 by Jack Anderson