The settlement in the Accretive Health, Inc. PHI breach case provides a good example of how the blurring of the covered entity and business associate roles can backfire on parties that fail to sufficiently analyze and define such roles, not only at the outset of a relationship but throughout its duration and evolution.
Continue Reading Business Associate Breach Leads to $2.5M Settlement by Accretive: But Who is the Covered Entity or Business Associate Here, and Do We Care?
Business Associate Agreement
Advice from OCR’s Breach Parade Reviewing Stand: Verify Whether Your Business Associate is also an Independent Covered Entity
The federal Office of Civil Rights deems it necessary for a covered entity (CE) to verify whether a business associate (BA) is also a covered entity with respect to the CE’s protected health information; in turn such CE and BA and their respective counsel should use the verification process to develop provisions in the business associate agreement.
Continue Reading Advice from OCR’s Breach Parade Reviewing Stand: Verify Whether Your Business Associate is also an Independent Covered Entity
The Silent Brigade in the Parade of Major Reported PHI Breaches of Security and Privacy: Business Associates – An Update
The recent MedPage Today survey results as to “third party errors” mirrors to some extent the proportion of business associate involvement reported for incidents that involved higher numbers of individuals on the HHS list of large PHI breaches as of December 2, 2011.
Continue Reading The Silent Brigade in the Parade of Major Reported PHI Breaches of Security and Privacy: Business Associates – An Update
Stanford Hospital Emergency Room Data Breach: the Snoopy® Float Materializes in the Parade of PHI Breaches
Spectators of the Protected Health Information Breach Parade (and of the “silent brigade” of Business Associate breaches) will be awed by the sight of the recent, somewhat bizarre, Business Associate breach involving Stanford Hospital’s emergency room data.
Continue Reading Stanford Hospital Emergency Room Data Breach: the Snoopy® Float Materializes in the Parade of PHI Breaches
Ohio District 5 Area Agency on Aging, Inc.: a Business Associate Marcher in the Parade of Major PHI Security and Privacy Breaches
Ohio Health Plans, the public health care program overseen by the Ohio Department of Jobs and Family Services, reported that a PHI security breach had occurred on June 3, 2011 affecting 78,042 individuals, which had resulted from the theft of a laptop involving a business associate, Area Agency on Aging, Ohio District 5.
Continue Reading Ohio District 5 Area Agency on Aging, Inc.: a Business Associate Marcher in the Parade of Major PHI Security and Privacy Breaches
The Silent Brigade in the Parade of Major Reported PHI Breaches of Security and Privacy: Business Associates
One area that has received relatively little attention from postings of the HHS list of large breaches of unsecured PHI is the extent to which such PHI breaches are reported as attributable to events involving business associates of covered entities.
Continue Reading The Silent Brigade in the Parade of Major Reported PHI Breaches of Security and Privacy: Business Associates
“PHI Warnings” in Communications — A Potential Source of Unintended Security Breach?
PHI Warnings are being routinely used by hospitals, providers, health insurers, law firms and others that create, receive, maintain, or transmit PHI. Such PHI Warnings should be used and worded with caution, however.
Continue Reading “PHI Warnings” in Communications — A Potential Source of Unintended Security Breach?