When is a Covered Entity Liable for a Business Associate Breach?

Under the HIPAA Privacy Rule, a covered entity may, in some circumstances, be liable for its business associate's breach under the business associate agreement. When May a Covered Entity be Liable for a Business Associate Breach of the Business Associate Agreement? A covered entity may be liable for business associate misconduct or violations when: The covered entity knew of a pattern of activity or practice of the business associate [...]

January 21st, 2020

When Can a Covered Entity Deny a Request to Amend PHI?

The HIPAA Privacy Rule permits patients to request that PHI contained in their medical records be amended. The right is not unlimited, however, and a covered entity may deny a request to amend PHI under several circumstances. What is the HIPAA Privacy Rule Right to Amend PHI? Under the HIPAA Privacy Rule, covered entities must honor certain patient requests to amend protected health information (PHI). Generally, a patient has [...]

January 17th, 2020

HIPAA Role-Based Access

HIPAA Role-Based Access is a key concept of the HIPAA Security Rule. Under the Security Rule, healthcare organizations are required to implement access controls. Access controls are a security technique that restricts access to an organization’s network to those individuals for whom access is required. What is HIPAA Role-Based Access? Under the technical safeguards provision of the HIPAA Security Rule, covered entities and business associates must implement technical policies [...]

January 16th, 2020

HIPAA Cloud Service Providers

Cloud service providers (CSPs) are businesses that provide network services, business applications, or infrastructure in the cloud. The services are hosted in a remote data center that can be accessed through a company network connection. Cloud service providers that create, receive, maintain, or transmit electronic protected health information (ePHI) on behalf of a covered entity or business associate are considered HIPAA business associates. HIPAA cloud service providers must comply [...]

January 8th, 2020

MSP Security Rule Compliance

A managed service provider (MSP) is an entity that remotely manages a covered entity’s IT infrastructure and/or end-user systems. Managed service providers who work with clients in the healthcare sector must comply with the HIPAA Security Rule. Under the HIPAA Security Rule, MSPs must perform a security risk analysis. What Does MSP Security Rule Compliance Consist of? MSP Security Rule compliance has several components. One central component is performing [...]

January 7th, 2020

Electronic Health Information Exchange and HIPAA

Under the HIPAA Privacy Rule, the use or disclosure of protected health information (PHI) is permitted for treatment purposes. Electronic health information exchange - a method of data transmission allowing healthcare professionals and patients to access and secure PHI electronically - facilitates quality treatment, without running afoul of the HIPAA Privacy Rule or the HIPAA Security Rule. What is Electronic Health Information Exchange? Electronic health information exchange (HIE) is [...]

January 3rd, 2020

Accidental Disclosure of PHI

Even when a covered entity or business associate maintains an effective HIPAA compliance program, an accidental disclosure of PHI may be made. For example, an employee may accidentally view patient records. A mailing may be sent to the wrong recipient. This article discusses how covered entities and business associates should respond in the event of an accidental PHI disclosure or HIPAA violation. How Should Covered Entity Employees Respond to [...]

December 30th, 2019

5 HIPAA Covered Entity Employee Tips

Covered entities’ employees play an important role in keeping PHI and ePHI secure. The following HIPAA covered entity employee tips can be used by your organization as part of a broader privacy and security effort. Five HIPAA Covered Entity Employee Tips - reminders that covered entity employees should give their workforce - include: HIPAA Covered Entity Employee Tips, Tip 1: Employees should never share login credentials. Since login information [...]

December 27th, 2019

HIPAA Compliance and AI Solutions

With the growing use of artificial intelligence (AI) solutions in the healthcare industry, executives must ensure that the technology their organization is using is HIPAA compliant. HIPAA compliance is a complex issue that is constantly evolving to incorporate advancements in technology. Part of the issue with securing data is the amount of data that is collected from users on a daily basis. The healthcare industry is adopting new [...]

December 26th, 2019

HIPAA Requirements for Sending PHI

Healthcare entities require a means to easily share protected health information (PHI). When sending PHI, it is imperative to keep HIPAA requirements in mind. The Health Insurance Portability and Accountability Act (HIPAA) set forth industry standards for creating, storing, and maintaining PHI, including HIPAA requirements for sending PHI. Email The most convenient means of sending PHI is via email; however, when sending PHI through email, organizations must have [...]

December 13th, 2019