Posts Tagged ‘oversight’
Wednesday, February 20th, 2013
Are you a covered entity (CE) or business associate (BA) as defined by HIPAA? There are literally millions of organizations in the U.S. that fall under these definitions, and possibly additional millions of BAs outside of the U.S. providing services to U.S.-based CEs. The impact is significant, and truly world-wide. If you are a CE or BA, did you know that your information security and privacy activities, or lack thereof, could cause physical harm to patients and insureds, and that you can receive significant penalties under the new HIPAA rules based upon those impacts? (more…)
Tags:audit, awareness, BA, BA Agreement, BA contract, breach, breach harm, breach response, business associate, compliance, contracted workers, customers, data protection, due diligence, e-mail, electronic mail, email, employees, employment, Final Rule, HIPAA, hiring, HITECH, HR, human resources, IBM, Information Security, information technology, infosec, IT security, job applicants, laws, liability, Mega Rule, messaging, midmarket, non-compliance, Obmnibus, outsource, oversight, patients, personal information, personally identifiable information, personnel, physical harm, PII, policies, privacy, privacy breach, privacy professor, privacyprof, Rebecca Herold, right to audit, risk, risk assessment, risk management, security, sensitive personal information, SPI, systems security, training, walk through
Posted in BA, CE, HIPAA, HITECH | No Comments »
Sunday, February 3rd, 2013
Over the years when working with a wide range of organizations, helping them to identify where all forms of their business information (including customer, client, patient and employee information) is located. One of the key activities is identifying and documenting all business associates, service providers, business partners, and all other types of outsourced entities that possess or have other types of access to this information. (more…)
Tags:audit, awareness, BA, BA Agreement, BA contract, breach, business associate, compliance, contracted workers, customers, data protection, due diligence, e-mail, electronic mail, email, employees, employment, Final Rule, HIPAA, hiring, HR, human resources, IBM, Information Security, information technology, infosec, IT security, job applicants, laws, liability, Mega Rule, messaging, midmarket, non-compliance, Obmnibus, outsource, oversight, patients, personal information, personally identifiable information, personnel, PII, policies, privacy, privacy breach, privacy professor, privacyprof, Rebecca Herold, right to audit, risk, risk assessment, risk management, security, sensitive personal information, SPI, systems security, training, walk through
Posted in BA | No Comments »