The Department of Health and Human Services announced on February 24 that it is seeking information about conducting a pre-audit survey. That is, it plans to conduct a “survey of up to 1200 [HIPAA] covered entities (health plans, health care clearinghouses, and certain health care providers) and business associates (entities that provider certain services to… Continue Reading
Under the HITECH Act, business associates are subject to the HIPAA privacy and security rules (the "HIPAA Rules") virtually to the same extent as covered entities. In addition to implementing this change for business associates ("BAs"), and providing additional guidance concerning what entities are business associates, the final HIPAA regulations issued last week also treat certain subcontractors of BAs as BAs directly subject to the… Continue Reading
Is your cloud service provider HIPAA-compliant?
Have you noticed that negotiating that business associate agreement has gotten a lot more difficult? Many companies that serve health care providers and health plans, generally known as business associates, have noticed. These companies include software vendors, benefits brokers, cloud computing providers, data storage/destruction companies, and accountants, among others. The clients of these companies are… Continue Reading
Continuing our thoughts on how disclosures of private or confidential information may adversely impact the institution and the persons affected by such disclosure, we now focus on something near and dear to lawyers’ hearts: paper shredding. Many businesses regularly shred documents they no longer need to protect them from disclosure. While this may secure the information contained… Continue Reading