Healthcare Information Security

HIPAA Business Associates

Bill Would Exempt HIPAA Covered Entities from California Privacy Law

September 12, 2018 - The California legislature has passed amendments to the sweeping California Consumer Privacy Act that would, among other changes, exempt HIPAA covered entities and business associates from the state law’s requirements. It would also exempt PHI collected by a HIPAA covered entity or business associate or as part of a clinical trial from the state law. The governor has...


More Articles

HHS Pushes for Changes to HIPAA Privacy Rule, 42 CFR Part 2

by Fred Donovan

In the next few months, HHS plans to issue requests for information (RFIs) about changing the HIPAA Privacy Rule and 42 CFR Part 2 to make it easier for doctors, hospitals, and payers to coordinate in delivering value-based care and...

HATA Says PMS Vendors Want to Remain HIPAA Business Associates

by Fred Donovan

Currently, practice management software (PMS) vendors are considered HIPAA business associates and therefore subject to the HIPAA Privacy and Security Rules, but not the HIPAA transactions and codes set requirements. The Healthcare...

Approaching the Top 5 Healthcare Cloud Security Concerns

by Bill Kleyman

In working with a variety of healthcare organizations, there’s still some hesitation when it comes to moving into a cloud ecosystem, with several healthcare cloud security concerns coming to light. Before we go too much further,...

Uber Health Prioritizes Patient Data Security, HIPAA Compliance

by Elizabeth Snell

Ridesharing company Uber launched a platform in March 2018 that aimed to provide more transportation options to patients. Individuals can use Uber Health to get a ride to their provider, while being reassured that HIPAA compliance remains...

Reported Kansas PHI Data Breach Could Involve Info of 11K

by Elizabeth Snell

An unauthorized email from a Kansas Department for Aging and Disability Services (KDADS) employee was sent to a group of business associates, which created a possible PHI data breach, according to a KDADS online statement. KDADS...

70K Notified in Tufts Health Plan Data Breach in Vendor Error

by Elizabeth Snell

A vendor that handles the mailing of member identification (ID) cards reportedly sent out envelopes with patient information visible in the mailing window, which created a Tufts Health Plan data breach. Tufts Medicare Preferred ID cards...

How Does HIPAA Compliance Apply in the Healthcare Cloud?

by Bill Kleyman

Only a handful of years ago, security and healthcare professionals deemed hosting healthcare data in the cloud to be untenable. However, the evolution of the healthcare industry as well as cloud solutions has really changed the perspective...

Filefax PHI Disclosure Leads to $100K OCR HIPAA Settlement

by Elizabeth Snell

Filefax, Inc. went out of business in 2017, but that does not mean that an OCR HIPAA settlement can be avoided due to an earlier PHI disclosure, according to OCR. A company that was appointed as a receiver to liquidate Filefax’s...

Business Associate Dismissal Denied in HIPAA Data Breach Case

by Elizabeth Snell

A HIPAA data breach case that stemmed from a business associate disclosing PHI will not be dismissed, according to a US District Court decision. CVS Pharmacy, Inc. and Caremark Rx LLC (CVS) sought reimbursement from its business...

MA Reaches Settlement Following Medicaid Data Breach

by Elizabeth Snell

New Hampshire-based Multi-State Billing Services (MSB) must pay $100,000 and improve its security practices per a consent judgment from the Massachusetts attorney general’s office. The settlement stems from a Medicaid data breach...

EHNAC: Risk Assessments, IoT Security Crucial in Attack Mitigation

by Elizabeth Snell

Hospitals and healthcare organizations need to keep a strong focus on their risk management and risk assessment process and ensure that any third parties or business associates also have proper security and IT risk management...

Tech Company Agrees to $264K Vermont Data Breach Settlement

by Elizabeth Snell

Technology company SAManage USA, Inc. recently agreed to pay $264,000 as part of a data breach settlement with the Vermont Attorney General, following a July 2016 incident. SAManage provides cloud-based IT support, which was used by WEX...

Reviewing OCR HIPAA Guidance to Maintain Compliance

by Elizabeth Snell

Covered entities should not be afraid to regularly review OCR HIPAA guidance and ensure that they remain compliant, even as they add new technologies into the daily workflow, according to OCR Senior Advisor for HIPAA Compliance and...

How Vendors, Providers Can Create Strong Health Data Security

by Elizabeth Snell

When it comes to maintaining HIPAA compliance, both healthcare providers and their chosen third-party vendors – or business associates – need to work together for comprehensive and current health data security. Compliance can...

67% of Security Teams Say Insiders Top Data Security Threat

by Elizabeth Snell

Healthcare organizations must ensure that they carefully monitor who is able to access sensitive information, as potential data security threats can occur from either insiders or third-parties. While working with trusted vendors or...

Vendor Risk Management Key Focus in Recent HITRUST Program

by Elizabeth Snell

A new HITRUST exchange aims to help entities as they request and receive third-party security and privacy risk assessment information, streamlining the vendor risk management process. The HITRUST Assessment Exchange will utilize the...

Lack of Business Associate Agreement Equals $31K Settlement

by Elizabeth Snell

The Center for Children’s Digestive Health (CCDH) recently paid OCR $31,000 to settle potential HIPAA violations stemming from not having a business associate agreement in place. The Illinois-based healthcare provider underwent an OCR...

3 Critical Steps for Managing Third-Party Access to Your EHR

by Marti Arvin of CynergisTek

Before a hospital grants any kind of network access to users from an outside organization, like a physician’s practice, it must determine to whom access is granted and for how long. It is a complex and essential process. This...

2016 Healthcare Data Breaches Largely From Employee Error

by Elizabeth Snell

While the business sector led the way in reported data breaches for 2016, healthcare came in second by accounting for 34.5 percent of overall reported breaches, according to research from the Identity Theft Resource Center (ITRC)...
