Posts Tagged ‘covered entity’
Thursday, January 24th, 2013
The final HIPAA “mega rule” is going to be officially published in the Federal Register tomorrow, January 25, 2013. Currently the version available (https://s3.amazonaws.com/public-inspection.federalregister.gov/2013-01073.pdf) is the “pre-publication” version.
Over the past week I’ve had numerous CEs and BAs contacting me, frantic to change their BA Agreements to “avoid complying with the Mega Rule for another year!” Wait, folks. You are misunderstanding; this is a very specific extension that only applies to the BA Agreements. Let me explain… (more…)
Friday, December 21st, 2012
This week I spoke with a small (~25 employees) organization (a business associate providing services to healthcare providers) that contacted me looking for help; they had purchased a whiz-bang “HIPAA compliance GRC” solution that included, with everything else, information security policies, but they couldn’t make any sense of the policies they were given or how they related to the rest of the expensive GRC tool. Grrr!! There are (more…)
Friday, March 2nd, 2012
I am looking forward to the day when we can look at the news headlines and not see some report about a lost or stolen computing device or storage device that contained unencrypted personal information and/or other sensitive information. And, I also want to stop seeing stories reappear about such an incident, such as the stolen NASA laptop with the clear text Space Station control codes that was stolen last year, but is making the headlines yet again today. NASA is a large enough, and tech-savvy enough, organization to know better! However, there are many organizations that simply don’t understand what a valuable information security tool encryption is. I work with many small to medium-sized businesses (SMBs), all of which have legal obligations (such as through HIPAA and HITECH, along with contractual requirements) to protect sensitive information, such as personal information. Over the past year I’ve heard way too many of them make remarks such as… (more…)
Monday, February 27th, 2012
“Is a W-2 form protected health information?” is a simple question with a complex answer that begins (I know, to the nail-biting chagrin of many), “It depends…”
First the full question: (more…)
Saturday, December 10th, 2011
On October 10, 2011, there was a report in the Baltimore Sun, “Law firm loses hard drive with patient records: Attorneys represent St. Joseph cardiologist sued for malpractice.” I posted about the report to one of the LinkedIn groups I participate in, pointing out that this is yet one more example of (more…)