Omnibus rule

Does your business associate agreement (BAA) reflect your business deal, or is it a bare bones HIPAA compliance document?

Now is the time to check. The HIPAA “Omnibus Rule” published
Continue Reading Two Months to Amend HIPAA Business Associate Agreements for Omnibus Compliance, But Beware the Bare Bones BAA

I read a recent Forbes.com post by Rick Ungar (“Claims That Obamacare Website Violates Health Privacy Reveals Embarrassing Fact – GOP Does Not Understand HIPAA or Obamacare”) that revealed a
Continue Reading Embarrassing Fact: Few Seem to Understand HIPAA or the ACA (at least when it comes to individual health coverage to be purchased on an Exchange)

Where did the time go?  Today’s the day – September 23, 2013.  This is compliance day for most of the Omnibus Rule changes.  I had a feeling this deadline would
Continue Reading Ten Days, Ten Tips – Countdown to Omnibus Rule Compliance #4 and #5 (aka #8 and #9)

This blog series has been following breaches of Protected Health Information (“PHI”) that have been reported on the U.S. Department of Health and Human Services (“HHS”) ever-lengthening parade list (the
Continue Reading The Parade of Major Reported PHI Breaches Jumps Ahead to 646 – Part 2: Business Associates Continue to Augment the Numbers

Under HIPAA, where do we draw the line between a run-of-the-mill, ordinary garden variety “security incident” and a “presumed breach” when it comes to reporting PHI events? How do we describe these types of reporting obligations in business associate agreements?
Continue Reading Do I really need to report (or get a report on) every “Security Incident” under the sun to comply with HIPAA?