It's a brave new world out there for business associates (BAs). BAs needed to comply with the HIPAA Security Rule and the use and disclosure provisions of the Privacy Rule in February 2010 as a result of the HITECH Act. However, the Office for Civil Rights (OCR) held off on any enforcement activities, that is, until recently.
Every healthcare organization should develop and implement a policy and a well-defined process that provides guidance for managing incident and breach response.
Reliable data backup is critical. If a backup is not in place and your system crashes, you not only have a HIPAA compliance problem, but you may not be able to support your critical operations. IDrive® is a secure backup service that provides "ready when you need it" backup restoration and meets the National Institute of Standards and Technology safe harbor encryption standard.
To comply with the HIPAA omnibus final rule, healthcare organizations need to revise their risk assessment process to determine whether they must notify affected individuals of a breach.