Tag Archives: risk management

What Covered Entities and Business Associates Need to Do to Prepare for the New HIPAA/HITECH Requirements (Part I)

Photo of Theodore J. Kobus IIIBy Theodore J. Kobus III on Posted in Breach Notification, Data Breach Notification Laws, Data Breaches, Enforcement, HIPAA/HITECH, Medical Privacy
The Department of Health and Human Services (HHS) issued, on January 17, 2013, its Final Omnibus Rule modifying the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy and Security Rules as well as the breach notification rules of the Health Information Technology for Economic and Clinical Health Act (“HITECH”).  Our initial discussion can … Continue Reading

All Contracts with Vendors Who Handle Personal Information of Massachusetts Residents Must Have Appropriate Safeguards in Place by March 1, 2012

Photo of Theodore J. Kobus IIIBy Theodore J. Kobus III on Posted in Enforcement, Information Security
Regulators are focusing more and more on how responsible organizations are when engaging third-party vendors.  HIPAA has in place requirements for engaging business associates.  The Connecticut Department of Insurance has requirements for reporting breaches caused by vendors.  And, the Massachusetts Attorney General, through the Data Security Regulations, requires oversight of third-party service providers.  This is … Continue Reading

The A to Z of Healthcare Data Breaches

Photo of Theodore J. Kobus IIIBy Theodore J. Kobus III on Posted in Breach Notification, Data Breach Notification Laws, Data Breaches, HIPAA/HITECH, Medical Privacy
I recently presented on the topic of Healthcare Data Breaches–A to Z at the annual American Society for Healthcare Risk Management (ASHRM) conference in Phoenix.  Attendees at any conference are always looking for practical takeaways to share with their colleagues and to help guide them even before a crisis event occurs.  During my presentation, with … Continue Reading
LexBlog