Major breaches of patient information in 2009 break down into three types: snoopers, hackers, and those involving large quantities of data. Let's examine the top breach of each type and find out what facilities can do to prevent similar problems.
Under HITECH—approved as part of the American Recovery and Reinvestment Act—business associates (BA) must now comply with the HIPAA security rule, the use and disclosure provisions of the HIPAA privacy rule, and new HITECH privacy and security provisions.
Determine whether and how you’re vulnerable, as well as whether revising your policies and beefing up your education to specifically address these privacy concerns is enough to satisfy your HIPAA responsibilities and the wants of your staff members.
Chris Apgar, CISSP, and John R. Christiansen, JD, answered questions regarding BA contracts during HCPro’s July 29, 2009, audio conference, “Business Associates and Covered Entities: Adapt Contracts to Comply with New HIPAA Law.” Apgar, president of Apgar & Associates, LLC, in Portland, OR, and Christiansen, founder of Christiansen IT Law in Seattle, provided the following responses to questions posed during the audio conference:
