Large-Scale HIPAA Security Breach: Improper Use of GitHub

Recently, the improper use of GitHub led to a large-scale HIPAA security breach, leaving the protected health information (PHI) of 150,000 - 200,000 patients available through publicly searchable employee login credentials for nine healthcare organizations. Software developers use GitHub for source code management and version control when creating, or making changes to, software. One feature of GitHub is the ability to use [...]

August 18th, 2020

Is BlueJeans HIPAA Compliant?

BlueJeans is a cloud-based telecommunications platform that was created in 2009 by Verizon. With the uptick in the use of video conferencing for telehealth, it is important to consider whether or not certain tools are HIPAA compliant. Whether BlueJeans is HIPAA compliant is discussed below. Is BlueJeans HIPAA Compliant: Business Associate Under HIPAA, business associates are any entity that creates, receives, transmits, maintains, or stores [...]

August 4th, 2020

Importance of BAA Compliance Highlighted by Breach

The Department of Health and Human Services (HHS) maintains a list of health-related data breaches affecting 500 or more individuals. HHS obtains this information from the healthcare organizations and business associates who discovered the breach. The list, referred to as the “Wall of Shame,” was recently graced by Central Files, the business associate of covered entity Elkhart Emergency Physicians. HIPAA regulations require covered entities to [...]

July 16th, 2020

What is a HIPAA Business Associate Amendment?

Companies enter into agreements with Google for use of various Google products, including G Suite, G Suite for Education, and G Suite for Government. These agreements govern the terms of use - what users may and may not use these applications for. For its G Suite, G Suite for Education, and G Suite for Government products, Google also provides a separate business associate agreement (BAA). [...]

June 29th, 2020

Is Calendly HIPAA Compliant?

Calendly is a tool that allows businesses to schedule appointments and meetings, integrating with many popular calendar applications. As a software application, under HIPAA, Calendly is considered a business associate when servicing healthcare clients. As such, it is important to determine whether or not the platform is HIPAA compliant. Is Calendly HIPAA compliant? Is Calendly [...]

June 25th, 2020

Is RingCentral HIPAA Compliant?

RingCentral is a cloud-based service that offers phone, messaging, video, and fax solutions for businesses. The use of cloud-based applications for these services allows customers to have access to their systems from anywhere. This is particularly important in today’s remote working environment. Many businesses have transitioned to working remotely, including businesses in the healthcare industry. However, for businesses working in healthcare, the cloud service providers they use must [...]

June 23rd, 2020

What is a HIPAA Service?

A HIPAA service is a service performed by one entity that enables another entity to meet its HIPAA compliance obligations. Under HIPAA, healthcare providers frequently contract with vendors who perform services involving protected health information. The services include billing, collections, medical transcription, e-prescribing, and many others. If a vendor is performing such a HIPAA service, the vendor is considered to be a business associate, and must comply with HIPAA [...]

June 15th, 2020

HIPAA Workforce Definition

The HIPAA workforce definition is critical to understanding which entities a covered entity must enter into business associate agreements with. The HIPAA workforce definition is discussed below.  The HIPAA Workforce Definition: What is it? The HIPAA workforce definition, if properly understood, will make it easier for covered entities to determine whom they need to enter into business associate agreements with. The “workforce” of a covered [...]

May 22nd, 2020

Vendor Vetting Can Save You Millions

In a recent study conducted by the Ponemon Institute, it was determined that 54% of healthcare vendors had experienced at least one data breach affecting protected health information (PHI). However, healthcare providers are continually neglecting their obligation to adequately vet vendors they are working with. It was found that although many healthcare providers somewhat address their vendor vetting obligation by sending risk assessment questionnaires, 41% [...]

March 12th, 2020

When is a Covered Entity Liable for a Business Associate Breach?

Under the HIPAA Privacy Rule, a covered entity may, in some circumstances, be liable for its business associate breach under the business associate agreement.  When May a Covered Entity be Liable for a Business Associate Breach of the Business Associate Agreement? A covered entity may be liable for business associate misconduct or violations when: The covered entity knew of a pattern of activity or practice [...]

January 21st, 2020