HIPAA Breach: Who You Gonna Call?

Everyone knows that you call a plumber for a leaking pipe, a mason for a cracked stonewall, and an electrician to fix faulty wiring. However, when faced with an actual or suspected HIPAA data breach, many folks struggle with determining whom to call. Failure to have contacts lined up ahead of time may pose more than an inconvenience–any delay in bringing in experienced advisors to assist with breach investigation, response and mitigation may result in significant financial and legal consequences. HIPAA covered entities and business associates should have a written breach response policy and protocol. The policy and protocol should provide clear guidance to the covered entity’s or business associate’s…

READ MORE

HIPAA Final Rule: Modification of Business Associate Definition, Parts (1) & (2)

February 8, 2013.  Today, we examine (1) and (2)—the first two parts of four—of the business associate definition, as modified by the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. As with its predecessor, the modified definition of business associate refers to “business associate means, with…

READ MORE