Yesterday’s listserv announcement from the Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS) brought to mind this question. The post announces the agreement
Continue Reading To BAA or Not to BAA? The Question a Florida Provider Should Have Asked in 2011 Results in a Half Million Dollar Payment in 2018
U.S. Department of Health and Human Services
“I Want My PHI”, Part 2 – OCR Audits Will Focus on Individual Access Rights
We blogged on this back in early May, but compliance with individuals’ rights to access their PHI under HIPAA is even more critical now that OCR has announced that its…
Continue Reading “I Want My PHI”, Part 2 – OCR Audits Will Focus on Individual Access Rights
Phishing for PHI
Two recently reported breaches of hospital data affecting thousands of patients highlight the prevalence, and apparent success, of phishing attacks. …
Continue Reading Phishing for PHI
HIPAA Holiday Cheer (Lament?)
On the twelfth day of breaches
my hacker sent to me:
Twelve Data Downloads
Eleven Plundered Patches
Ten Missed BA Contracts
Nine Malware Installs
Eight Mis-sent Faxes
Seven Stolen Laptops…
Continue Reading HIPAA Holiday Cheer (Lament?)
Embarrassing Fact: Few Seem to Understand HIPAA or the ACA (at least when it comes to individual health coverage to be purchased on an Exchange)
I read a recent Forbes.com post by Rick Ungar (“Claims That Obamacare Website Violates Health Privacy Reveals Embarrassing Fact – GOP Does Not Understand HIPAA or Obamacare”) that revealed a…
Continue Reading Embarrassing Fact: Few Seem to Understand HIPAA or the ACA (at least when it comes to individual health coverage to be purchased on an Exchange)
Business Associate Breach Leads to $2.5M Settlement by Accretive: But Who is the Covered Entity or Business Associate Here, and Do We Care?
The settlement in the Accretive Health, Inc. PHI breach case provides a good example of how the blurring of the covered entity and business associate roles can backfire on parties that fail to sufficiently analyze and define such roles, not only at the outset of a relationship but throughout its duration and evolution.
Continue Reading Business Associate Breach Leads to $2.5M Settlement by Accretive: But Who is the Covered Entity or Business Associate Here, and Do We Care?