Covered entities should be very concerned about the possibility of a major breach of protected health information (PHI) originating from a Business Associate (BA). According to the Health and Human Services’ Wall of Shame, a single breach in 2015 by a BA in Indiana affected more than 3.9 million individuals which is more than all
Healthcare organizations have many relationships to manage, including patients, providers, payers, and vendors. On top of this, some relationships require a Business Associate Agreement (BAA) to comply with HIPAA. In order to determine if such an agreement is necessary, it is crucial to look at each relationship individually in order to provide proper treatment and
An individual’s right to access their protected health information (PHI) should be nothing new to covered entities. In 1996, HIPAA Privacy Rule detailed an individual’s right to access PHI. As part of HITECH and the Final Omnibus Rule, modifications to the Privacy Rule have included additional requirements for covered entities and business associates. Unfortunately, recent
The beginning of the New Year is a popular time for new initiatives. Many healthcare organizations are looking for ways to improve quality and reduce risk. A compliance program is an effective way to detect, deter and prevent wrongdoing in the healthcare setting and an ongoing system assures conformity with governing laws and regulations. An
As the end of the year approaches, keep in mind that all breaches of unsecured protected health information involving less than 500 individuals must be reported to the Secretary at the Department of Health and Human Services (HHS) within 60 days of the end of the calendar year. If the organization already reported a breach
The Office of the Inspector General (OIG) is responsible for protecting the integrity of the programs in Health and Human Services against fraud, waste and abuse as well as recommending improvements to the system that would promote efficiency and efficacy within the limits of the health care laws. Although OIG oversight includes programs such as
Health care fraud recoveries for fiscal years 2009- 2014 exceeded previous records with five straight years of more than $2 billion in annual recovery from cases involving fraud and false claims against federal health care programs such as Medicare and Medicaid. Most healthcare providers are aware of significant civil liability due to recent enforcement. However,
After reviewing the HIPAA Privacy case investigations from 2009-2011, the Office of the Inspector General sent a strong message to the Office of Civil Rights in regard to the administration and enforcement of the HIPAA Privacy Rule. The OIG recommendation is clear in the September 2015 executive summary, “OCR Should Strengthen Its Oversight of Covered
