OCR Enforcement Discretion for Business Associate PHI Use

The Department of Health and Human Services’ (HHS) Office for Civil Rights, as part of a broad response to support federal and state health authorities and emergency operations centers who need access to COVID-19-related data, has announced it will exercise additional COVID-19-related enforcement discretion. The OCR enforcement discretion is discussed below. What Enforcement Discretion Will be Exercised? Previously, OCR announced it would [...]

September 1st, 2020

HIPAA Workforce Definition

The HIPAA workforce definition is critical to understanding which entities a covered entity must enter into business associate agreements with. The HIPAA workforce definition is discussed below. The HIPAA Workforce Definition: What is it? The HIPAA workforce definition, if properly understood, will make it easier for covered entities to determine whom they need to enter into business associate agreements with. The “workforce” of a covered [...]

May 22nd, 2020

Vendor Vetting Can Save You Millions

In a recent study conducted by the Ponemon Institute, it was determined that 54% of healthcare vendors had experienced at least one data breach affecting protected health information (PHI). However, healthcare providers are continually neglecting their obligation to adequately vet vendors they are working with. It was found that although many healthcare providers somewhat address their vendor vetting obligation by sending risk assessment questionnaires, 41% [...]

March 12th, 2020

When is a Covered Entity Liable for a Business Associate Breach?

Under the HIPAA Privacy Rule, a covered entity may, in some circumstances, be liable for its business associate breach under the business associate agreement. When May a Covered Entity be Liable for a Business Associate Breach of the Business Associate Agreement? A covered entity may be liable for business associate misconduct or violations when: The covered entity knew of a pattern of activity or practice [...]

January 21st, 2020

HIPAA Cloud Service Providers

Cloud service providers (CSP) are businesses that provide network services, business applications, or infrastructure, in the cloud. The services are hosted in a remote data center that can be accessed through a company network connection. Cloud service providers that create, receive, maintain, or transmit electronic protected health information (ePHI) on behalf of a covered entity or business associate, are considered HIPAA business associates. HIPAA cloud service providers must comply [...]

January 8th, 2020

Is Google Sheets HIPAA Compliant?

Google Sheets is a web-based spreadsheet offered by Google within its Google Drive service. It was first released in 2007. Whether Google Sheets is HIPAA compliant is discussed below. How Can Google Sheets Become HIPAA Compliant? If you are asking yourself “Is Google Sheets HIPAA Compliant?” then the issue of how Google Sheets is regulated by HIPAA must be addressed first. HIPAA regulations [...]

December 3rd, 2019

Is OneDrive HIPAA Compliant?

The convenience of cloud storage has led many businesses to adopt the technology. In the healthcare industry, the ability to quickly access patients’ protected health information (PHI) from various systems is important. However, when choosing a cloud provider, organizations working in healthcare must ensure that the service is HIPAA compliant. Is OneDrive HIPAA compliant? HIPAA Business Associates Agreements The Health Insurance Portability [...]

November 1st, 2019

Is Google Drive HIPAA Compliant?

The Health Insurance Portability and Accountability Act (HIPAA) set forth industry standards for the privacy and security of protected health information (PHI). PHI is any individually identifying health information such as name, birthdate, treatment history, financial information, etc. As such, healthcare organizations must adopt safeguards to secure PHI in the form of administrative, physical, and technical safeguards. Many organizations have adopted the use of G Suite as it [...]

September 27th, 2019

3 Easy Steps to Get your Microsoft Business Associate Agreement

The Health Insurance Portability and Accountability Act (HIPAA) set forth industry standards for the handling of protected health information (PHI). PHI is any individually identifying health information such as name, date of birth, treatment information, Social Security number, etc. Under HIPAA, any organization working with PHI, in any capacity, must be HIPAA compliant. This includes covered entities (CEs) and the vendors that service them. Before a CE can [...]

August 29th, 2019

Florida HIPAA Fine: No BAA Results in $500,000 Fine

A recent $500,000 Florida HIPAA fine is just another example of the growing trend of HIPAA violations cropping up across the country, all stemming from the lack of properly executed business associate agreements. Advanced Care Hospitalists PL (ACH) has agreed to pay a $500,000 HIPAA fine to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) after a HIPAA investigation [...]

March 5th, 2019