Healthcare Information Security

Business Associate Agreements

Uber Health Prioritizes Patient Data Security, HIPAA Compliance

March 28, 2018 - Ridesharing company Uber launched a platform in March 2018 that aimed to provide more transportation options to patients. Individuals can use Uber Health to get a ride to their provider, while being reassured that HIPAA compliance remains a top priority. Patient data security was never an afterthought, and the platform will operate on its own application programming interface (API).   ...


More Articles

Reported Kansas PHI Data Breach Could Involve Info of 11K

by Elizabeth Snell

An unauthorized email from a Kansas Department for Aging and Disability Services (KDADS) employee was sent to a group of business associates, which created a possible PHI data breach, according to a KDADS online statement. KDADS became aware...

36K Notified of Potential Healthcare Data Breach from Mailing Error

by Elizabeth Snell

A mailing error has led to a potential healthcare data breach for Triple-S Advantage (Triple-S) members, according to an online company statement. The Puerto Rico-based organization is an independent licensee of the BlueCross BlueShield Association....

Business Associate Dismissal Denied in HIPAA Data Breach Case

by Elizabeth Snell

A HIPAA data breach case that stemmed from a business associate disclosing PHI will not be dismissed, according to a US District Court decision. CVS Pharmacy, Inc. and Caremark Rx LLC (CVS) sought reimbursement from its business associate, Press...

MA Reaches Settlement Following Medicaid Data Breach

by Elizabeth Snell

New Hampshire-based Multi-State Billing Services (MSB) must pay $100,000 and improve its security practices per a consent judgment from the Massachusetts attorney general’s office. The settlement stems from a Medicaid data breach where...

$2.3M OCR Settlement Reached for 21st Century Oncology Data Breach

by Elizabeth Snell

Cancer care services provider 21st Century Oncology (21CO) recently agreed to a $2.3 million OCR settlement, following a 2015 data breach. OCR found in its investigation that 21CO impermissibly disclosed the PHI of 2,213,597 of its patients and...

Tech Company Agrees to $264K Vermont Data Breach Settlement

by Elizabeth Snell

Technology company SAManage USA, Inc. recently agreed to pay $264,000 as part of a data breach settlement with the Vermont Attorney General, following a July 2016 incident. SAManage provides cloud-based IT support, which was used by WEX Health...

Reviewing OCR HIPAA Guidance to Maintain Compliance

by Elizabeth Snell

Covered entities should not be afraid to regularly review OCR HIPAA guidance and ensure that they remain compliant, even as they add new technologies into the daily workflow, according to OCR Senior Advisor for HIPAA Compliance and Enforcement...

How Vendors, Providers Can Create Strong Health Data Security

by Elizabeth Snell

When it comes to maintaining HIPAA compliance, both healthcare providers and their chosen third-party vendors – or business associates – need to work together for comprehensive and current health data security. Compliance can get...

5 Lessons Learned in OCR HIPAA Settlements

by Elizabeth Snell

Healthcare organizations cannot assume that they will never experience a data breach or data security incident. Failure to update safeguards or audit controls could also lead to an OCR HIPAA settlement, which could be paired with a high fine...

67% of Security Teams Say Insiders Top Data Security Threat

by Elizabeth Snell

Healthcare organizations must ensure that they carefully monitor who is able to access sensitive information, as potential data security threats can occur from either insiders or third-parties. While working with trusted vendors or business associates...

Vendor Risk Management Key Focus in Recent HITRUST Program

by Elizabeth Snell

A new HITRUST exchange aims to help entities as they request and receive third-party security and privacy risk assessment information, streamlining the vendor risk management process. The HITRUST Assessment Exchange will utilize the HITRUST CSF...

Lack of Business Associate Agreement Equals $31K Settlement

by Elizabeth Snell

The Center for Children’s Digestive Health (CCDH) recently settled potential HIPAA violations by not having a business associate agreement in place, and paid OCR $31,000. The Illinois-based healthcare provider underwent an OCR compliance...

3 Critical Steps for Managing Third-Party Access to Your EHR

by Marti Arvin of CynergisTek

Before a hospital grants any kind of network access to users from an outside organization, like a physician’s practice, it must determine to whom access is granted and for how long. It is a complex and essential process. This article will...

PHI Access Challenges Addressed in Recent ONC Resources

by Elizabeth Snell

Healthcare organizations face numerous potential PHI access challenges, especially as more entities continue to adopt new EHRs, according to the Office of the National Coordinator (ONC). That is why ONC wanted to ensure that covered entities...

Are Business Associates Unprepared in Health Data Protection?

by Elizabeth Snell

Two-thirds of business associates are not prepared for the evolving health data protection measures, specifically in relation to HITRUST standards, according to a recent KPMG survey. KPMG surveyed 604 industry professionals, and only 17.4 percent...

Provider PHI Access Key Aspect to HIPAA Privacy Rule

by Elizabeth Snell

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently clarified that business associates cannot block provider PHI access or terminate that access under the HIPAA Privacy Rule. In a Frequently Asked Questions...

Latest OCR HIPAA Settlement Highlights BAA Importance

by Elizabeth Snell

Care New England Health System (CNE) agreed to an OCR HIPAA settlement after it was found to have not had a current business associate agreement in place to keep PHI secure. Woman & Infants Hospital of Rhode Island (WIH) was a CNE covered...

Utilizing Business Associate Agreements in Breach Prevention

by Elizabeth Snell

While no healthcare organization can guarantee that they will never fall victim to a data breach or cybersecurity attack, having the right tools in place can help to lessen the likelihood or even assist in recovering from a breach. Having necessary...

Assessing Vendor Risk for Stronger Health Data Security

by Eric Dieterich of Sunera

Whether a healthcare organization hires vendors to process customer payments, store HR data in the cloud or run the IT help desk, you extend your overall cyber risk environment to that of your third party providers. Too often, healthcare decision-makers...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks