The settlement in the Accretive Health, Inc. PHI breach case provides a good example of how the blurring of the covered entity and business associate roles can backfire on parties that fail to sufficiently analyze and define such roles, not only at the outset of a relationship but throughout its duration and evolution.
Continue Reading Business Associate Breach Leads to $2.5M Settlement by Accretive: But Who is the Covered Entity or Business Associate Here, and Do We Care?

If the PHI flowing through information superhighways and into and out of clouds and other data bases is adequately secured and the increased use and sophistication of health information technology results in improved quality and reduced cost, can anyone reasonably object to this race?
Continue Reading Protected Health Information on HIT Super-Highways: If it’s Secure, Do We Care Where it Travels and How it is Used When it Lands?

Ohio Health Plans, the public health care program overseen by the Ohio Department of Jobs and Family Services, reported that a PHI security breach had occurred on June 3, 2011 affecting 78,042 individuals, which had resulted from the theft of a laptop involving a business associate, Area Agency on Aging, Ohio District 5.
Continue Reading Ohio District 5 Area Agency on Aging, Inc.: a Business Associate Marcher in the Parade of Major PHI Security and Privacy Breaches