In Audit
Jul 13th, 2017
Think your healthcare covered entity doesn’t need to establish and maintain Business Associate Agreements (BAA) with companies who can access your patients’ protected health information (PHI)? Think again. Cases in Point March 2016 — North Memorial Health Care agreed to pay the U.S. Department of Health and Human Services (HHS) $1,550,000 to settle charges that it potentially ...
Aug 15th, 2016
A business associate (BA) of healthcare provider Bon Secours left personal information of more than 650,000 patients exposed on the internet for four days, revealing names, insurance ID numbers, banking info, Social Security numbers, and clinical data. The breach was discovered by Bon Secours. WTKR reported the healthcare chain discovered that R-C Healthcare Management had ...
Mar 31st, 2016
According to an article in Modern Healthcare (3/21, Conn, Subscription Publication), the Department of Health and Human Services (HHS) Office for Civil Rights is changing its privacy and security auditing process per the American Recovery and Reinvestment Act of 2009’s health IT rules.  The revised enforcement process, “will target the business associates of healthcare providers, ...
Update your business associate agreements. By Reed Williams, JD If your organization has a Business Associate Agreement (BAA) filed away that hasn’t been touched in the past five years, put down this article and call your attorney. He or she will likely explain that your dusty, old BAA does not comply with the omnibus HIPAA ...
Nov 12th, 2014
Under the HIPAA Privacy Rule, covered entities and business associates (BA) may disclose patients’ protected health information (PHI) without a signed authorization for treatment, payment, or healthcare operations (TPO) reasons. Examples include: Doctors and/or hospitals (that are covered entities) may share information with one another for treatment reasons. Patients’ information may also be relea...