News & Analysis as of

Business Associates Data Protection Risk Management

Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as... more +
Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as business associates have expanded data protection obligations and duties. Essentially, a business associate under HIPAA is a person or entity that performs certain functions or services which necessitates exposure to protected health information on behalf of a covered entity. Typical business associate functions include: claims processing or administration, data analysis, billing, etc.    less -
Gardner Law

Recent Enforcement Reminds Companies: Assess HIPAA Compliance

Gardner Law on

A HIPAA compliance assessment is an evaluation of an organization's practices, policies, and procedures to ensure that they align with requirements from the Health Insurance Portability and Accountability Act (“HIPAA”). It...more

Maynard Nexsen

Changes Proposed by HHS to Strengthen HIPAA Security Rule

Maynard Nexsen on

On January 6, 2025, the US Department of Health and Human Services Office for Civil Rights (“OCR”) issued a notice of proposed rulemaking (“Proposed Rule”) containing significant updates to the Security Rule under the Health...more

Paul Hastings LLP

HHS OCR Releases Proposed Updates to HIPAA Security Rule

Paul Hastings LLP on

On December 27, 2024, the U.S. Department of Health and Human Services (HHS), through the Office for Civil Rights (OCR), announced a Notice of Proposed Rulemaking (NPRM) to amend the Security Standards for the Protection of...more

Fisher Phillips

Proposed Updates to HIPAA Security Rule Would Require Entities to Adopt Enhanced Cybersecurity Measures

Fisher Phillips on

The HIPAA Security Rule may soon undergo a big overhaul that would better defend healthcare data from cybersecurity threats – and require much more from covered entities when it comes to establishing and maintaining defenses....more

Health Care Compliance Association (HCCA)

HHS Abandons Appeal in Public Website Pixel Case, But CEs and BAs Should Expect Continued Scrutiny

Health Care Compliance Association (HCCA) on

The HHS Office for Civil Rights (OCR) has abandoned its appeal of a federal judge’s ruling overturning OCR’s guidance prohibiting covered entities (CEs) and business associates (BAs) from using the web-tracking technologies...more

Brooks Pierce

Business Associate Victim of Ransomware Attack Pays $100,000 to HHS OCR

Brooks Pierce on

Is your organization a business associate? You could be subject to enforcement action if you fail to protect health information within your control from ransomware attacks. In October, for the first time, the U.S....more

Robinson+Cole Data Privacy + Security Insider

Cyber Criminals Focusing on Clinics + Business Associates

Robinson+Cole Data Privacy + Security Insider on

As hospital systems become more hardened to cyber-attacks, cyber criminals are focusing their efforts on smaller providers, such as outpatient clinics, specialty clinics and business associates, according to a report by...more

NAVEX

4 Ways to Protect ePHI Beyond HIPAA Compliance

NAVEX on

Given the choice between credit card data and digital health records, cybercriminals prefer the latter. A stolen credit card can be canceled. Electronic protected health information (ePHI) with its treasure-trove of...more

Robinson+Cole Data Privacy + Security Insider

Privacy Tip #191 – Trying to Protect Your Medical Information—Let’s Ask Questions About Data Security

Robinson+Cole Data Privacy + Security Insider on

In the top three of the list of highly sensitive personal data to be concerned about is our medical information. It’s so sensitive because it is so personal. It used to be that our medical information was located in paper...more

Poyner Spruill LLP

Five Frequently Overlooked Mistakes in HIPAA Compliance

Poyner Spruill LLP on

HIPAA was enacted in 1996. In the years since, most healthcare entities have adapted to the major requirements imposed by HIPAA, HITECH, and the Privacy and Security Rules. Nevertheless, the thicket of regulations still...more

Winstead PC

Is it HIPAA or HIPPA? Either way, it still applies.

Winstead PC on

I have negotiated hundreds of SaaS agreements for dozens of software companies and I always hated when the company on the other side was a healthcare provider. Invariably, they would bring up Protected Health Information...more

Mintz - Privacy & Cybersecurity Viewpoints

OCR Warns of HIPAA Risks in Third-Party Apps

Mintz - Privacy & Cybersecurity Viewpoints on

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently issued a warning regarding vulnerabilities in third-party applications used by entities covered by HIPAA. The OCR warning applies...more

BakerHostetler

Health Law Update - What Covered Entities and Business Associates Need to do to Prepare for the New HIPAA/HITECH Requirements

BakerHostetler on

The U.S. Department of Health and Human Services (HHS) issued, on January 17, 2013, its final omnibus rule modifying the Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy and security rules as well...more

13 Results
 / 
View per page
Page: of 1

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide