Blog Archives

They want what!?

Takeaways: Small providers are no longer “too small” for OCR to conduct a breach investigation. An article concerning a breach investigation included a copy of the information requested in the OCR letter. The items were to be supplied within 20 days. When I showed the list to others they had a look similar […]

Business Associate Agreement – Yours, Mine, or Ours?

Takeaways: Updated BAA deadline is Sept 23, 2014 and 5 Tips for managing your BAAs. Who is really in control of the content of the Business Associate Agreements to be signed? It has been a frequent question now that BAAs are required everywhere.  Just who gets to control what is in the BAA gets down […]

Are your BAs hiring Gilligan, Gomer, or Barney?

It is becoming increasingly apparent that Business Associates should be taking their responsibility more seriously than they have in the past. The past, though, could mean previous years or, for some, just yesterday. The recent settlement of the class-action lawsuit against Stanford Hospital & Clinic over a PHI breach should provide the impetus to […]

My Technology Company Says They Aren’t a BA. What do I do?

We have had a rash of these types of questions lately. Personally, I don’t understand why so many technology companies are fighting this concept. It is really, really hard for anyone to meet the Security Rule requirements without an IT Department or IT Support Company. In fact, many IT companies are coming to us to help […]

Do Your BA Due Diligence

Long gone are the days when you pull down a template Business Associate Agreement and everyone just signs it. BAs may not understand the extent of their obligations under HIPAA. You need to confirm your agreements and check what they are really doing to comply. I really don’t recommend blindly using a template agreement to […]

How do you know who is a HIPAA Business Associate?

One of the first processes we go through for HIPAA Compliance is to identify all Business Associates (BAs).  That has to be done for CEs and BAs alike.  The Final Rule has changed the status and viewpoints for many CEs and BAs. We have addressed a lot of questions on the topic lately.  Now seemed […]

Business Associates: Step up Now to Protect your Covered Entities

The definition of Business Associates (BAs) changed under HIPAA 2.0 to broaden the scope of who is considered a BA as well as exactly what a BA is obligated to do for compliance. While the changes seem obvious and not too complicated to implement according to those writing the Omnibus Final Rule, the rest […]

Plan of Attack for HIPAA 2.0

Where do you get started with all these changes? It is important to understand that HIPAA 2.0 compliance means more than just having an annual training session and a book of policies on the shelf.  HIPAA 2.0 means regular training in all areas of your business and documentation of everything including regular reviews of your […]

Omnibus Final Rule Quick Overview

There is a lot of information to cover in the details of the Final Rule. This article only contains a list of bullet points. Not all changes in the 2013 Omnibus Rule are guaranteed to be included in this list. Each entity should make sure they review all aspects of the Rule with their business […]
