If you are reading this post, it is highly likely that you already know that you are required to do a security risk analysis. You know that HIPAA, the Promoting Interoperability Program (PIP) (formerly known as Meaningful Use) and MIPS all require it. You are also...
As a HIPAA privacy or security officer, you are used to seeing HIPAA compliance issues pop up out of nowhere. You don’t have the time to chase down the details of every security incident in your organization. However, security incident tracking doesn’t...
You know you must provide HIPAA training to new employees shortly after employment. However, a frequently forgotten part of training is security reminders. Security reminders are a required administrative safeguard under the HIPAA Security Rule. The Security Rule also...
The HIPAA business associate agreement (BAA) lays out your business associate’s obligations to protect your data. The previous blog gave an overview of BAAs. Let’s home in on six important BAA provisions: Permissible uses and disclosures of protected...
Before you outsource any of your organization’s functions to a third party, you need to do your research. Will the vendor handle PHI on behalf of your organization? If so, they’re a business associate (BA). Then conduct due diligence to be sure you can trust the...