News & Analysis as of August 11, 2025

Risk Assessment

+ Follow

Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as business associates have expanded data protection obligations and duties. Essentially, a business associate under HIPAA is a person or entity that performs certain functions or services which necessitates exposure to protected health information on behalf of a covered entity. Typical business associate functions include: claims processing or administration, data analysis, billing, etc. less -

Top 10 takeaways from the new HIPAA security rule NPRM

Bradley Arant Boult Cummings LLP on 3/20/2025

On Jan. 6, 2025, the U.S. Department of Health and Human Services (HHS) proposed new regulations to enhance cybersecurity protections for electronic protected health information (ePHI) under the Health Insurance Portability...more

Biden Administration Proposes Beefed-Up HIPAA Security Rule… But Prognosis Uncertain

Groom Law Group, Chartered on 2/18/2025

On January 6, 2025, the Biden Administration issued a new proposed rule updating the HIPAA Security Standards ( “Proposed Rule”). The original HIPAA Security Standards were issued in 2003 and updated in 2013 and require that...more

Proposed Changes to the HIPAA Security Rule Will Have a Significant Impact on the Health Care Sector

Cozen O'Connor on 1/13/2025

A few days ago, the U.S. Department of Health and Human Services (“HHS”), through its Office for Civil Rights, issued the proposed rule HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health...more

[Event] Healthcare Privacy Compliance Academy - January 27th - 30th, Orlando, FL

Health Care Compliance Association (HCCA) on 11/20/2024

HCCA's Healthcare Privacy Compliance Academy is a three-and-a-half-day interactive education program with a focus on the vast body of privacy laws and regulations in place to help you protect PHI and other critical data. Our...more

[Event] Healthcare Privacy Compliance Academy - July 15th - 18th, Charlotte, NC

Health Care Compliance Association (HCCA) on 3/13/2024

Ideal for professionals with some compliance knowledge and experience, HCCA’s Healthcare Privacy Compliance Academy offers practitioners a deeper understanding of effective compliance management in a healthcare setting. The...more

2022 Outlook: More Dangerous Ransomware Coupled With Inadequate Security Practices

Health Care Compliance Association (HCCA) on 1/17/2022

Report on Patient Privacy 22, no. 1 (January, 2022) - As the COVID-19 pandemic enters its third year, real “security fatigue” with pandemic-related issues will combine with cybercriminals’ increasingly sophisticated...more

DOJ Announces New Initiative to Use False Claims Act to Enforce Compliance with Data Privacy and Security Laws and Contract...

Goodwin on 12/7/2021

The Department of Justice recently announced the launch of its new Civil Cyber-Fraud Initiative (the “Initiative”) which intends to use the False Claims Act to pursue “cybersecurity-related fraud by government contractors and...more

4 Ways to Protect ePHI Beyond HIPAA Compliance

NAVEX on 8/14/2020

Given the choice between credit card data and digital health records, cybercriminals prefer the latter. A stolen credit card can be canceled. Electronic protected health information (ePHI) with its treasure-trove of...more

[Event] March Privacy Compliance Academy - March 9th - 12th, San Diego, CA

Health Care Compliance Association (HCCA) on 1/16/2020

Dive into a broad spectrum of topics affecting healthcare organizations. Explore the latest laws, regulations, and developments to help you effectively manage your organization’s privacy compliance program. Our Academies are...more

HIPAA Enforcement Update (January 1 –December 11, 2018)

Troutman Pepper Locke on 1/21/2019

Throughout 2018, the Department of Health and Human Services, Office for Civil Rights (OCR) has announced seven settlement agreements and one civil monetary penalty to resolve allegations of Health Insurance Portability and...more

ONC And OCR Update HIPAA Security Risk Assessment Tool For National Cyber Security Awareness Month

Jackson Lewis P.C. on 10/30/2018

October 2018 marks the 15th annual National Cyber Security Awareness Month. In honor of this occasion, the Office of the National Coordinator for Health Information Technology (ONC) and the HHS Office for Civil Rights (OCR)...more

Is Your E-PHI Secure? ONC And OCR Update HIPAA Security Risk Assessment Tool

Jackson Lewis P.C. on 10/30/2018

OCR Stresses Importance of Authentication in Newsletter

Robinson+Cole Data Privacy + Security Insider on 11/21/2016

In a recent newsletter, the Office for Civil Rights (OCR) encourages health care organizations to review their procedures around authentication and “ensure that they have the appropriate safeguards in place.”...more

Pressure Points: OCR Enforcement Activity in 2014

McDermott Will & Emery on 2/10/2015

During 2014, the Office for Civil Rights (OCR) of the U.S. Department of Health & Human Services initiated six enforcement actions in response to security breaches reported by entities covered by the Health Insurance...more

14 Results

View per page

Page: of 1

Business Associates › Cybersecurity › Risk Assessment

"My best business intelligence, in one easy email…"