The U.S. Department of Health and Human Services (HHS) and Office for Civil Rights announced on Wednesday, August 14, 2013 that Affinity Health Plan, Inc. will settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules for $1.2 million. Here’s today’s big RISK ANALYSIS TIP – You must subject all… Read More »
In a recent blog post we advised: “Be Careful Claiming “Conduit””. Two of our colleagues, Jason Riddle and Gary Ridner, attended the OCR/NIST 6th Annual Conference on Safeguarding Health Information in Washington in early June. Jason Riddle offers up this blog post and tip. Here’s today’s big tip – Sort out your Business Associate status before OCR… Read More »
I don’t know if you had a chance to listen to Kathleen Sebelius announce on a brief video, the HHS 2014 budget a few days ago, or read the “Highlights of the 2014 HHS Budget”. The video announcement did not cite the reason for the $1MM, or 2.4% increase in OCR’s budget over 2013. You might… Read More »
Two of our colleagues, Jason Riddle and Gary Ridner, attended the OCR/NIST 6th Annual Conference on Safeguarding Health Information in Washington in early June. Gary Ridner offers up this blog post and tip. Here’s today’s big tip – Take Stock of Your HIPAA Privacy and Breach Notification Compliance Status!
Gregory J. Ehardt, JD, LL.M. | HIPAA/Assistant Compliance Officer | HCA Adjunct Professor | Office of General Counsel | Idaho State University has joined the Clearwater HIPAA Compliance BootCamp™ Faculty. Mr. Ehardt will be sharing his experiences and lessons learned from the recent OCR Investigation that resulted in a Settlement Agreement with HHS/OCR that included… Read More »
This post is motivated by three phone conversations in one day with likely Business Associates (BAs), trying to sort out if they really are a HIPAA Business Associate. Millions of companies are now statutorily obligated to comply with HIPAA-HITECH regulations, because of their BA status. They’d prefer to meet the “conduit exception” requirements and not… Read More »
OCR has published audit protocols as part of the program to conduct the HITECH-mandated audits of Covered Entities and Business Associates. Learn the specific audit procedures around meeting the explicit requirement to conduct an Evaluation at 45 CFR §164.308(a)(8). If you create, receive, maintain or transmit ePHI, you should view this webinar.