Q: The hospital where I work entered into a business associate agreement (BAA) that requires the business associate (BA) to notify us of a potential breach no more than 60 days after it is discovered.
Editor's note: With the increased specificity required for ICD-10-CM coding, coders need a solid foundation in anatomy and physiology. To help coders prepare for the upcoming transition, we will provide an occasional article about specific anatomical locations and body parts as part of a larger series for ICD-10-CM preparation. This month's column addresses the anatomy of the feet.
Watch out, the criminals are coming, and they want to make money off of PHI your organization stores. It's one more thing to add to the growing list of compliance concerns that covered entities (CE) and business associates (BA) have to worry about when protecting internal PHI.
You hear it over and over again. Covered Entity (CE) A failed to produce an ongoing risk assessment for HIPAA security compliance. CE B had an incomplete risk analysis, leading to a failure to recognize security weaknesses and vulnerabilities. And in come the fines.
