Recently, the improper use of GitHub led to a large-scale HIPAA security breach, leaving the protected health information (PHI) of 150,000 - 200,000 patients available through publicly searchable employee login credentials for nine healthcare organizations. Software developers use GitHub for source code management and version control when creating, or making changes to, software. One feature of GitHub is the ability to use [...]
BlueJeans is a cloud-based telecommunications platform that was created in 2009 by Verizon. With the uptick in the use of video conferencing for telehealth, it is important to consider whether or not certain tools are HIPAA compliant. The question of - is BlueJeans HIPAA compliant - is discussed below. Is BlueJeans HIPAA Compliant: Business Associate Under HIPAA, business associates are any entity that creates, receives, transmits, maintains, or stores [...]
The Department of Health and Human Services (HHS) maintains a list of health-related data breaches affecting 500 or more individuals. HHS obtains this information from the healthcare organizations and business associates who discovered the breach. The list, referred to as the “Wall of Shame,” was recently graced by Central Files, the business associate of covered entity Elkhart Emergency Physicians. HIPAA regulations require covered entities to [...]
Companies enter into agreements with Google for use of various Google products, including G Suite, G Suite for Education, and G Suite for Government. These agreements govern the terms of use - what users may and may not use these applications for. For its G Suite, G Suite for Education, and G Suite for Government products, Google also provides a separate business associate agreement (BAA). [...]
Calendly is a tool that allows businesses to schedule appointments and meetings, integrating with many popular calendar applications. As a software application, under HIPAA, Calendly is considered a business associate when servicing healthcare clients. As such, it is important to determine whether or not the platform is HIPAA compliant. Is Calendly HIPAA compliant? Are you adequately protecting patient data? Find out now with our HIPAA compliance checklist. Is Calendly [...]
RingCentral is a cloud-based service that offers phone, messaging, video, and fax solutions for businesses. The use of cloud-based applications for these services, allows customers to have access to their systems from anywhere. This is particularly important in today’s remote working environment. Many businesses have transitioned to working remotely, including businesses in the healthcare industry. However, for businesses working in healthcare, the cloud service providers they use must [...]
A HIPAA service is a service performed by one entity, that enables another entity to meet its HIPAA compliance obligations. Under HIPAA, healthcare providers frequently contract with vendors who perform services involving protected health information. The services include billing, collections, medical transcription, e-prescribing, and many others. If a vendor is performing such a HIPAA service, the vendor is considered to be a business associate, and must comply with HIPAA [...]
The HIPAA workforce definition is critical to understanding which entities a covered entity must enter into business associate agreements with. The HIPAA workforce definition is discussed below. The HIPAA Workforce Definition: What is it? The HIPAA workforce definition, if properly understood, will make it easier for covered entities to determine whom they need to enter into business associate agreements with. The “workforce” of a covered [...]
In a recent study conducted by the Ponemon Institute, it was determined that 54% of healthcare vendors had experienced at least one data breach affecting protected health information (PHI). However, healthcare providers are continually neglecting their obligation to adequately vet vendors they are working with. It was found that although many healthcare providers somewhat address their vendor vetting obligation by sending risk assessment questionnaires, 41% [...]
Under the HIPAA Privacy Rule, a covered entity may, in some circumstances, be liable for its business associate breach under the business associate agreement. When May a Covered Entity be Liable for a Business Associate Breach of the Business Associate Agreement? A covered entity may be liable for business associate misconduct or violations when: The covered entity knew of a pattern of activity or practice [...]
