I frequently write about HIPAA enforcement by the Office for Civil Rights at the U.S. Department of Health and Human Services ("OCR"). However, there..
In the wake of two damaging hurricanes, the topic of emergency preparedness is at the top of mind for many Covered Entities and Business Associates...
One of the most common questions I hear is, “Can I send patient information to…” with a plethora of situations and organizations completing that..
As a Covered Entity or a Business Associate, you know you need Business Associate Agreements with entities that perform a service or a function for you..
Most people in the industry believe HIPAA requires notification of a breach to the federal government and affected individuals within 60 days of discovery..
Most people with even a casual understanding of HIPAA realize there is a great deal of gray area involved in the implementation of the Rule. This is..
There's More to Know: When You Think, You Know Everything About HIPAA and Data Breach Risks
Transferring PHI without an executed Business Associate Agreement ("BAA") has become a point of intense focus for federal regulators, and one from which..