I was recently asked whether the sending of an unencrypted group email to participants in a health-related support group violated HIPAA.  Faithful blog readers can guess my first question:  “Was the sender a covered entity, business associate, or subcontractor?”  Many support group entities are non-profit organizations staffed by volunteers and do not meet the definition

The deadline for executing a HIPAA Omnibus Rule-compliant Business Associate Agreement (BAA) looms just 2 short weeks from today.  What can a busy covered entity (CE) or business associate (BA) do quickly to show HHS (let alone its business partners/contractors) that it wants and fully intends to comply with the new requirements?  Here are  3

The number of large breaches of Protected Health Information (PHI) under HIPAA that have been reported on the so-called “Wall of Shame” (the HHS List) maintained by the U.S. Department of Health and Human Services has jumped by 239 to 885 in less than a year.    The most common breach type is “theft” in this

The recent United States Supreme Court decision in Burwell v. Hobby Lobby Stores, Inc. has  attorneys, pundits, policy-makers and businesses (yes, corporations are people, too) pondering big, quintessentially American issues like the free exercise of religion, compelling government interests, and our fundamental right to make money (and, as a corollary issue, what distinguishes for-profit

Michael J. Coco writes:

If you have ever bought or sold a business, or you have experience with the process, you are aware of the due diligence efforts and multiple agreements required to close the deal. Transactions involving the sale or purchase of health care related business, such as a medical practice, often take the

My partner Elizabeth Litten and I were interviewed by Marla Durben Hirsch for her recent article in Medical Practice Compliance Alert entitled “Evaluate Relationships Before Signing Business Associate Agreements.” While the full text can be found in the February 3, 2014 issue of Medical Practice Compliance Alert, the following considerations are based upon points

Michael J. Coco writes:

The expanded requirements under the HIPAA Omnibus Rule for a Business Associate Agreement (“BAA”) has created an increase in volume and the need for analysis of such agreements, as individuals in industries traditionally unrelated to health care – such as IT vendors –find themselves confronting issues respecting a BAA. The increase

Who you are makes a big difference in how and whether you must protect individually identifiable health information under HIPAA.   As we near the end of 2013, I look back at the events of the past year and am struck by the breadth and complexity of the issues we have written about on this blog