Health Law Gurus

Health Law Gurus

Health Law: News,
Commentary & Insights

Category Archives: Business Associates

Subscribe to Business Associates RSS Feed

Time is of the Essence When Reporting a Breach of PHI

Posted in Business Associates, Covered Entities, HIPAA, Privacy, Security
The failure to timely report a breach of unsecured protected health information (PHI) has cost Presence Health (one of the largest health systems in Illinois) almost half of a million dollars. Earlier this month, Presence Health agreed to pay $475,000 and enter into a corrective action plan (CAP) with the Office for Civil Rights (OCR)… Continue Reading

HIPAA Compliance Is a Health Care Entity’s Secret Weapon in Preventing and Combating Ransomware Attacks

Posted in Business Associates, Covered Entities, Cybersecurity, HIPAA, Privacy, Security
One of the fastest growing areas of cybercrime is ransomware. Ransomware is a type of malicious software that encrypts data and makes it inaccessible to authorized users. The hackers who orchestrate ransomware attacks demand that authorized users pay a ransom in order to obtain the key to decrypt their data. Payment is generally required to… Continue Reading

Breach of ePHI Results in $2.7 Million Fine

Posted in Business Associates, Covered Entities, HIPAA, Security
Oregon Health & Science University (“OHSU”) has paid $2.7 million to the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) to settle allegations that it violated the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). OHSU must also comply with a three-year corrective action plan. OCR began an investigation of… Continue Reading

Spring Showers Bring HIPAA Breaches

Posted in Business Associates, Covered Entities, HIPAA, Privacy, Security
OCR has announced several recent settlement agreements to resolve violations of the Health Insurance Portability and Accountability Act (“HIPAA”). These settlement amounts range from $25,000 to $3.9 million dollars and illustrate a range of mistakes that health care providers make with respect to their HIPAA compliance. This post briefly summarizes OCR’s findings with respect to… Continue Reading

SOS Answered: New Guidance on HIPAA for App Developers

Posted in Business Associates, Compliance Issues, Covered Entities, HIPAA, Technology, Trends
Amidst criticism that the Health Insurance Portability and Accountability Act (“HIPAA”) lags behind technological innovation, the Office for Civil Rights (“OCR”) released new guidance to aid app developers in determining how HIPAA may apply to the products they are building and developing. OCR explained that the guidance is intended to “reduce some of the uncertainty… Continue Reading

Ask the Health Law Gurus™: What Is a Civil Monetary Penalty and How Is It Different from an OCR Settlement?

Posted in Ask the Health Law Gurus™, Business Associates, Covered Entities, HIPAA, Privacy, Security
The Health Law Gurus™ are here to help you stay current on issues and breaking news in health law. To help you stay up-to-date, we are excited to announce our new segment, “Ask the Health Law Gurus™.” Each month, we will select a reader’s question and answer it here, on the Health Law Gurus™ blog.… Continue Reading

High Cost of HIPAA Violations Demonstrated in $3.5 Million Settlement

Posted in Business Associates, Covered Entities, HIPAA, HITECH, Privacy, Security
Triple-S Management Corporation (“Triple-S”), on behalf of its wholly-owned subsidiaries, Triple-S Salud, Inc., Triple-C, Inc., and Triple-S Advantage, Inc., has agreed to pay $3.5 million as part of a Resolution Agreement with the Department of Health and Human Services Office of Civil Rights (“OCR”) (“Resolution Agreement”). The Resolution Agreement settled all potential liabilities related to… Continue Reading

OCR Audits to Begin in 2016

Posted in Business Associates, Covered Entities, HIPAA, HITECH, Privacy, Security
Beginning in 2016, the United States Department of Health and Human Services’ Office for Civil Rights (OCR) will conduct another round of audits to gauge compliance with privacy provisions in the Health Insurance Portability and Accountability Act (HIPAA). This announcement comes in the wake of criticism leveled against OCR for inconsistencies enforcing the HIPAA Rules.… Continue Reading

Revised Guidance for Privacy and Security of Electronic Health Information Released by Government

Posted in Business Associates, Covered Entities, EHR, HIPAA, Privacy, Security
The Office of the National Coordinator for Health Information Technology (“ONC”) has released a revised Guide to Privacy and Security of Electronic Health Information (the “Guide”), which is intended to be a resource for small and medium-sized health care providers, health IT and other information technology professionals, and business associates regarding federal health information privacy… Continue Reading

News from the Health Law Gurus™: Week of January 11, 2015

Posted in Affordable Care Act (ACA), Business Associates, Covered Entities, HIPAA, Legislation, Privacy, Uncategorized
News from the Health Law Gurus™ is a weekly summary of notable health law news from around the country with helpful links to related content. Check back every week for the latest health law news stories. Top Five Resolutions for Covered Entities and Business Associates in 2015 – The New Year is here. It is… Continue Reading

TOP FIVE RESOLUTIONS FOR COVERED ENTITIES AND BUSINESS ASSOCIATES IN 2015

Posted in Business Associates, Compliance Issues, Covered Entities, HIPAA
The New Year is here. It is time to make those 2015 resolutions, and not just those for getting fit and healthy. Resolve now to improve your organization’s compliance with the Health Insurance Portability and Accountability Act (“HIPAA”).   HIPAA requires entities that create, receive, maintain, or transmit protected health information (“PHI”) to protect that… Continue Reading

HIPAA in the Time of Ebola

Posted in Business Associates, Compliance Issues, HIPAA, Privacy, Regulations, Trends
Ebola has recently been the source of much concern, and health care providers and hospitals are taking steps to prepare themselves for the possibility of treating patients with Ebola. In addition to all of the medical preparations underway, covered entities and business associates must also continue to be aware of the protections in place that… Continue Reading

September 22, 2014 – HIPAA Compliance Deadline for Business Associate Agreements Is Just Around the Corner

Posted in Business Associates, Compliance Issues, HIPAA, Regulations
All business associate agreements (“BAAs”) must be updated and compliant with current Health Insurance Accountability and Portability Act (“HIPAA”) regulations by September 22, 2014. Failure to meet this deadline could result in large penalties for covered entities and/or business associates if there is a breach of protected health information (“PHI”) or a government audit. If… Continue Reading

The Cloud: Google Apps for Business and HIPAA Compliance

Posted in Business Associates, HIPAA, Privacy
Does your company use Google Apps for Business? Are you a health care provider, health plan, or health care clearinghouse (“Covered Entity” or “Covered Entities”) subject to the Health Insurance Portability and Accountability Act (“HIPAA”)? If you answered yes to these questions, you may need a business associate agreement (“BAA”) with Google. The information below… Continue Reading