Header graphic for print
Workplace Privacy, Data Management & Security Report

Tag Archives: HITECH

Final HIPAA Regulations: “Business Associates” Include Subcontractors, Data Storage Companies (Cloud Providers?)

Under the HITECH Act, business associates are subject to the HIPAA privacy and security rules (the "HIPAA Rules") virtually to the same extent as covered entities. In addition to implementing this change for business associates ("BAs"), and providing additional guidance concerning what entities are business associates, the final HIPAA regulations issued last week also treat certain subcontractors of BAs as BAs directly subject to the… Continue Reading

Provide Feedback to Government on Exchanging Health Information on Mobile Communications Devices

If you have an interest in the role the growing use of mobile communications devices (smartphones, iPads, iPhones, etc.) will play in how personal health information is exchanged in the health care industry, the Office of the National Coordinator for Health Information Technology (ONC) is seeking your input. According to a notice published Nov. 1, 2011 (76 Fed. Reg. 67455), comments are due Dec. 31.

HHS to Help Train State Attorneys General to Enforce HIPAA

While years of lax enforcement may have lulled many HIPAA covered entities and business associates to not take HIPAA seriously, recent activities by HHS, including the recently announced nationwide enforcement training program for State Attorneys General should spur renewed efforts toward compliance.

Attorney General Securing Personal Data in Indiana

Indiana recently enacted a new law which grants authority to the Indiana Office of the Attorney General’s Identity Theft Unit to obtain and secure abandoned records with personally identifying information, including health records, and either destroy them or return them to their owners. Additionally, the new law sets fines and other legal ramifications for violations of… Continue Reading

HHS to Issue Proposed Regulations Concerning HITECH

The Department of Health and Human Services announced this morning that it will be issuing a notice of proposed rulemaking to begin implementing the recent statutory amendments under the Health Information Technology for Economic and Clinical Health Act (“the HITECH Act”). According to HHS, the proposed regulations (pdf), set to be published July 14, 2010, are designed to strengthen the… Continue Reading

New Challenges for HIPAA Business Associates Under ARRA and HITECH

Have you noticed that negotiating that business associate agreement has gotten a lot more difficult? Many companies that serve health care providers and health plans, generally known as business associates, have noticed. These companies include software vendors, benefits brokers, cloud computing providers, data storage/destruction companies, and accountants, among others. The clients of these companies are… Continue Reading

Best Buy Counsel Speaks on Data Privacy

On January 29, 2009, I had the opportunity to attend a brief presentation sponsored by Minnesota CLE entitled, “Corporate Data Privacy & Security: 10 Legal Practice Tips,” given by Brad Bolin, Senior Corporate Counsel for Best Buy, Inc. a Fortune 500 electronics retailer headquartered in Richfield, Minnesota. Bolin is a specialist in information security and privacy… Continue Reading

HIPAA Data Breaches in India Threaten Outsourcing Industry, Require Greater Vigilance at Home

A British TV station investigation into India’s medical transcription industry, known as Business Process Outsourcing (BPO), uncovered unsettling news for British subjects, as well as American citizens. Medical records sent to India to be transcribed and computerized are being sold. The Economic Times report on the investigation out of New Delhi suspects a "hardening of stance on the… Continue Reading