Federal regulators will be kicking off remote HIPAA compliance "desk audits" of business associates next month and more comprehensive onsite audits of both covered entities and BAs early next year. Learn more about what's next for the audit program.
New long-awaited federal guidance clarifies that cloud services providers that handle protected health information are nearly always considered business associates under HIPAA and, as a result, must meet the regulation's security requirements.
Because the legal relationships between healthcare organizations can be very complex, it's not always crystal clear when business associate agreements should be in place to help safeguard patient data, says privacy attorney Adam Greene. He explains the legal issues in this in-depth interview.
A recent incident involving a vendor using a Boston clinic employee's credentials to inappropriately access patient data via a regional health information exchange illustrates the potential risks involved as the use of HIEs continues to grow.
In the first HIPAA enforcement action against a business associate, federal regulators have smacked a nonprofit organization with a $650,000 penalty following an investigation into a 2014 security incident affecting just 412 patients.
Does your organization really have a clear idea of what measures your business associates are taking to safeguard your most sensitive data? Yet another breach, this one affecting Arkansas Blue Cross Blue Shield, points to the risks.
Covered entities find it difficult to prevent unauthorized access to patient data by members of their staffs. Preventing breaches involving insiders at business associates can be even trickier, as an incident affecting Meritus Health illustrates.
Recent breaches and regulatory audits have sharpened the focus on third-party risks. How are healthcare entities tackling this critical topic of business associate management? Attorney David Szabo shares insights.
When it comes to health data breaches, business associates are again grabbing headlines, calling attention to the importance of scrutinizing vendors. The latest incident involves a breach that wasn't reported to a covered entity for eight months.
TThe secure sharing of information throughout the fragmented health service provider ecosystem presents a significant challenge. The multitude of relationships and interactions each present a requirement for effective security, risk and compliance management. The current mechanism for managing these requirements is a...
Many covered entities aren't taking the steps needed to reduce the risks involved when business associates access protected health information, says attorney David Holtzman, who analyzes results of the Healthcare Information Security Today survey.
The highly fragmented but collaborative health service provider ecosystem, presents a significant challenge in providing reliable access to protected patient health information while keeping it private. How best can we ensure that business associates are taking all the necessary steps to protect patient data and...
A recent incident involving disposed in a vendor's dumpster is an example of why healthcare organizations say business associates taking inadequate security steps ranks as their No. 1 perceived breach threat today.
A former senior adviser at the HHS Office for Civil Rights offers his predictions about OCR's HIPAA enforcement and regulatory activities for the year ahead in the wake of the office's leadership changes.