HealtHITechLaw HIPAA, HITECH and Beyond

Tag Archives: Business Associate

HHS HIPAA Security Risk Assessment Tool Now Available

Posted in Security

Many thanks once again to our colleague, Sylvia Brown, for her assistance in authoring this post. The Office of the National Coordinator for Health Information Technology (ONC), in collaboration with the U.S. Department of Health & Human Services (HHS) Office of Civil Rights (OCR), recently released a security risk assessment tool (SRA Tool) to assist entities… Continue Reading

OIG Report Criticizes HIPAA Oversight

Posted in OCR Audits, Security

The HHS Office of Civil Rights (“OCR”) has failed to comply with the HITECH Act’s mandate to audit HIPAA covered entities and business associates, according to a recent report published by the HHS Office of Inspector General (“OIG”). The OIG said that OCR “had not assessed the risks, established priorities, or implemented controls for its HITECH requirement… Continue Reading

Who Are My Business Associates, and Why the HIPAA Should I Care?

Posted in Rulemaking

Much has been made about business associates in HITECH and the HIPAA Final Omnibus Rule.  In a previous post and in our webinar we hit on the high points – that much of HIPAA applies directly to business associates, and that business associates themselves have obligations relative to their business associates.  Indeed, not only do… Continue Reading

The Final Omnibus HIPAA Rule: Are You Ready?

Posted in Enforcement, Rulemaking

As we mentioned in last week’s Webinar on the HIPAA Final Omnibus Rule, there are fewer than nine short months for covered entities and their business associates (and all downstream business associates) to comply with the HIPAA final rules.  For those entities that have already taken steps following the release of the HITECH interim rules, the… Continue Reading

HIPAA Final Rule Clarifies Business Associate Obligations

Posted in Rulemaking

Business Associates:  You’re on notice. When the Health Information Technology for Economic and Clinical Health Act (“HITECH”) was enacted nearly four years ago, business associates were aware that HIPAA compliance was going to be required of them – they were just not sure of the extent.  Historically, business associates have been required to comply with… Continue Reading

OCR Presents Preliminary HIPAA Audit Findings

Posted in Enforcement

OCR’s Audit Program, which began in December 2011, is part of HHS’ efforts under HITECH to assess HIPAA compliance by covered entities, identify best practices, and discover risks and vulnerabilities in protecting the privacy and security of PHI which may not have come to light through OCR’s complaint investigation and compliance reviews. OCR has repeatedly stated that… Continue Reading

HIPAA Business Associate Becomes Target of State AG Enforcement

Posted in Business Associate, Enforcement

A recent complaint filed by the Minnesota State Attorney General against a HIPAA business associate seeks to recover statutory damages for multiple alleged violations of the HIPAA Security Rule.  Following last year’s HHS OCR enforcement targeting HIPAA covered entities, this latest HIPAA enforcement should place all business associates on notice that enforcement authorities have them… Continue Reading