Lessons From a Major Settlement Over PHI Disposal

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) reached a major settlement with a non-profit covered entity (CE) resolving allegations of violation of the HIPAA Privacy Rule for allegedly failing to appropriately and reasonably safeguard protected health information.

Continue reading »

Who is a Business Associate under HIPAA?

Last year’s passing of the new HIPAA requirements signaled the government’s concern that individually identifiable health information needs stronger protection beyond the borders of the healthcare industry. HIPAA already recognized this need by imposing obligations on covered entities and their business associates in prior versions of the rule. In the latest rule update, however, the US Department of Health and Human Services, among other things, expanded the definition and responsibilities of business associates and now made them directly liable for HIPAA noncompliance.

Continue reading »