Not-for-Profit Business Associate—No Risk Analysis: $650,000 Settlement: HIPAA & HITECH Act Blog by Jonathan P. Tomes
The Catholic Health Care Services of the Archdiocese of Philadelphia (“CHCS”), a not-for-profit business associate, was the corporate owner of six nursing homes and provided .. read more
Illinois Joins California in Affording More Protection to Personal Information: HIPAA & HITECH Act Blog by Jonathan P. Tomes
In May, the Governor of Illinois, Bruce Rauner, signed amendments to the Illinois Personal Information Protection Act (“PIPA”), 815 ILCS 530/1 et seq., expanding the .. read more
$1.55 Million Settlement Stresses Importance of Business Associate Agreements: HIPAA & HITECH Act Blog by Jonathan P. Tomes
A recent settlement in lieu of a civil money penalty underscores the importance of having business associate agreements in place with entities that perform a .. read more
California Determines What Is Reasonable and Appropriate for Securing Health Information: HIPAA & HITECH Act Blog by Jonathan P. Tomes
HIPAA requires covered entities and business associates to implement reasonable and appropriate security measures in § 164.308(a)(1)(ii)(B), the risk management Administrative safeguards, but although it does .. read more
Shooting, God Forbid, on the Premises of a Health Care Provider or Business Associate, Including HIPAA Aspects: HIPAA & HITECH Act Blog by Jonathan P. Tomes
Yet another mass shooting, this one in a Social Services Agency in San Bernardino, CA, coupled with my being asked to weigh in on protecting .. read more
Latest HIPAA Violation Settlement–$850,000 for a Stolen Laptop: HIPAA & HITECH Act Blog by Jonathan P. Tomes
I don’t understand why, with all the high six-figure and seven-figure resolution agreements (basically, settlements), covered entities do not provide adequate security for laptops and .. read more
Data Destruction and HIPAA Competence as Related to IT Support Companies: HIPAA & HITECH Act Blog by Jonathan P. Tomes with Guest Commentator Michael B. O’Hara, CISSP
Michael B. O’Hara’s narrative, part 1: Recently, my company, KB Computing, LLC, lost a managed services client. The reason, as it so often is, was .. read more
Latest HIPAA Settlement—a Lesson Still Not Learned: HIPAA & HITECH Act Blog by Jonathan P. Tomes
Although most civil money penalties (“CMPs”) to date have involved risk analysis—that is, failure to do one, failure to do a complete one, or failure .. read more
Some Good News and an Apology: HIPAA & HITECH Act Blog by Jonathan P. Tomes
The good news is that I purchased Richard Dvorak’s half interest in Veterans Press and its wholly owned subsidiary, EMR Legal (the consulting arm of .. read more
Is Office 365 HIPAA Compliant? HIPAA & HITECH Act Blog by Jonathan P. Tomes with Guest Commentator Brent Sadler
The following question came through our website: “Hello “I was wondering if you can answer a question. I realize email and EPHI is an ongoing .. read more
