How to Choose a HIPAA Compliant Vendor

The vendors you choose to help run your business will determine how successful your business is. Ultimately, your vendor’s vulnerabilities are your vulnerabilities, which is why HIPAA emphasizes the importance of business associate compliance. Business associate vendors must be compliant with HIPAA standards. So how do you ensure that you are choosing HIPAA compliant vendors? What is a Business Associate? While not all [...]

March 2nd, 2022

What is a HIPAA Compliance Checklist for Law Firms?

Law firms, depending on the nature of the services they provide to covered entities, may fall under the definition of “business associates.” Law firms that qualify as business associates (BAs) must be HIPAA compliant. Tips for developing a HIPAA compliance checklist for law firms are discussed below. What is a HIPAA Compliance Checklist for Law Firms: When is a Law Firm a BA? Business associates perform functions or [...]

October 23rd, 2020

What is a HIPAA Business Associate Amendment?

Companies enter into agreements with Google for use of various Google products, including G Suite, G Suite for Education, and G Suite for Government. These agreements govern the terms of use - what users may and may not use these applications for. For its G Suite, G Suite for Education, and G Suite for Government products, Google also provides a separate business associate agreement (BAA). [...]

June 29th, 2020

What is a HIPAA Service?

A HIPAA service is a service performed by one entity that enables another entity to meet its HIPAA compliance obligations. Under HIPAA, healthcare providers frequently contract with vendors who perform services involving protected health information. The services include billing, collections, medical transcription, e-prescribing, and many others. If a vendor is performing such a HIPAA service, the vendor is considered to be a business associate, and must comply with [...]

June 15th, 2020

HIPAA Cloud Service Providers

Cloud service providers (CSPs) are businesses that provide network services, business applications, or infrastructure in the cloud. The services are hosted in a remote data center that can be accessed through a company network connection. Cloud service providers that create, receive, maintain, or transmit electronic protected health information (ePHI) on behalf of a covered entity or business associate are considered HIPAA business associates. HIPAA cloud service providers must [...]

January 8th, 2020

Covered Entities Required to Vet Business Associates

The Health Insurance Portability and Accountability Act (HIPAA) established a set of standards that anyone working in healthcare must adhere to. HIPAA law is meant to safeguard a patient’s protected health information (PHI) to ensure that only those who need access to PHI, as part of their job, have access. Since HIPAA security law is complicated, many practices opt to hire IT solution providers to address their technology [...]

September 6th, 2019

Healthcare Vendor Management: 4 Steps to Prevent Vendor Data Breaches

To satisfy the Health Insurance Portability and Accountability Act (HIPAA), healthcare vendor management must be implemented. Healthcare data breaches are on the rise, and many of the incidents of late were the result of poor vendor management. With the increase in vendor breaches and widespread confusion surrounding vendor management, the Department of Health and Human Services (HHS) recently released new guidance to clarify healthcare organizations’ obligation to ensure [...]

September 5th, 2019

Business Associate Security: What is Your Responsibility as a Covered Entity

In light of recent large-scale breaches in healthcare, it is imperative that covered entities (CEs) understand the importance of business associate security. Over the course of seven years, data breaches in healthcare have increased by 70%. The recent breach of the American Medical Collection Agency (AMCA) affected 20 million patients. The AMCA breach was a result of hackers gaining access to the collection agency’s web [...]

July 22nd, 2019

New Business Associate HIPAA Guidelines Released by OCR

The Department of Health and Human Services (HHS) Office of Civil Rights (OCR) released new HIPAA guidelines for business associate requirements in May 2019. These guidelines reinforce a business associate’s liability under HIPAA law. The HHS has identified 10 areas in which business associates (BAs) are held accountable. Failure to provide the Secretary with records and compliance reports; cooperate with complaint investigations and compliance reviews; [...]

July 17th, 2019

Is DropBox HIPAA Compliant?

The question "Is DropBox HIPAA compliant?" is a common question for healthcare providers and organizations that deal with protected health information (PHI). Before we answer, let's take a brief look at some of the foundational components of HIPAA compliance to deepen your understanding of how it applies to DropBox. Working with Healthcare Vendors Healthcare providers are considered covered entities (CEs) under HIPAA [...]

October 6th, 2017