Use this sample form to create an inventory of all business associates, including contact information, services provided, the date the business associate agreement is signed, and the date it expires.
Cyberattacks are growing more common and more devastating. Organizations without a clear plan of action could be left scrambling to mount a unified response—and running afoul of HIPAA.
Poor cybersecurity in the healthcare industry amounts to a public health concern, according to the Health Care Industry Cybersecurity Task Force, a federal task force established to fulfill requirements of the Cybersecurity Act of 2015.
A new model patient request for health information form aims to simplify the medical record request process and reduce confusion and errors that lead to compliance problems.
An Atlanta neurology clinic’s investigation of a ransomware attack on its network uncovered a separate cybersecurity incident going back more than a year. More than 170,000 individuals are affected.
Q: If we terminate a business associate agreement, are we required to obtain assurance that it has completely destroyed all of our protected health information (PHI) stored on its servers and other devices? If the PHI was not completely destroyed and was breached after we terminated the contract, who is responsible for reporting the breach?
Q: We recently became aware that several emails containing PHI were sent to an email address that was terminated. The emails were bouncing back to us and then were caught in our spam filter. Most of the emails sent to this address were encrypted, but one was not. Do we need to report this even though the email was never opened?
