Business Associate Agreement

The settlement in the Accretive Health, Inc. PHI breach case provides a good example of how the blurring of the covered entity and business associate roles can backfire on parties that fail to sufficiently analyze and define such roles, not only at the outset of a relationship but throughout its duration and evolution.
Continue Reading Business Associate Breach Leads to $2.5M Settlement by Accretive: But Who is the Covered Entity or Business Associate Here, and Do We Care?

The recent MedPage Today survey results as to “third party errors” mirrors to some extent the proportion of business associate involvement reported for incidents that involved higher numbers of individuals on the HHS list of large PHI breaches as of December 2, 2011.
Continue Reading The Silent Brigade in the Parade of Major Reported PHI Breaches of Security and Privacy: Business Associates – An Update

Spectators of the Protected Health Information Breach Parade (and of the “silent brigade” of Business Associate breaches) will be awed by the sight of the recent, somewhat bizarre, Business Associate breach involving Stanford Hospital’s emergency room data.
Continue Reading Stanford Hospital Emergency Room Data Breach: the Snoopy® Float Materializes in the Parade of PHI Breaches

Ohio Health Plans, the public health care program overseen by the Ohio Department of Jobs and Family Services, reported that a PHI security breach had occurred on June 3, 2011 affecting 78,042 individuals, which had resulted from the theft of a laptop involving a business associate, Area Agency on Aging, Ohio District 5.
Continue Reading Ohio District 5 Area Agency on Aging, Inc.: a Business Associate Marcher in the Parade of Major PHI Security and Privacy Breaches

One area that has received relatively little attention from postings of the HHS list of large breaches of unsecured PHI is the extent to which such PHI breaches are reported as attributable to events involving business associates of covered entities.
Continue Reading The Silent Brigade in the Parade of Major Reported PHI Breaches of Security and Privacy: Business Associates