How Do You Weigh Vendor Risk Exposure?

vendor risk exposure risk management

When it comes to vendor risk exposure and its management, you need to know how to implement a proper program that aligns with HIPAA compliance. Because whether you’re talking Cloud Service Providers or others, a solid vendor risk management program is key to potentially how well your organization can avoid a serious PHI security incident. … Read more

Are Business Associates Taking the Hit for CEs?

HIPAA and business associates

Looks like it could be a thing. All business associates (BAs), from super small, like small agency web hosting companies or medical transcriptionists, to large TPAs or data aggregation services, need to pay attention.  The recent settlement of Jelly Bean Communications LLC with the Department of Justice – yes, you read that right, the DOJ … Read more

What’s the California Assembly’s Course Correction mean to CCPA?

CCPA Course Correction HIPAA Exemption

Well, remember the issues around what the “HIPAA exemption” in the California Consumer Privacy Act (CCPA) really applied to?  We wrote about it here all the way back in May 2019. Turns out our impression was correct – so correct that California just passed a law to correct it! Here’s the skinny: On September 5, … Read more

Business Associate or Conduit? Why a BAA likely applies to you.

BAA protect PHI

Ever run into a vendor who claims to be a conduit versus a business associate (BA)? It happens all too often, in my experience. Here’s the problem: the conduit exception is a narrow one. If you’re storing PHI data, even encrypted PHI where you don’t have the encryption key, you’re a BA. Sign the Business … Read more

Migrating to a Cloud Service: Is your BAA in place?

In a recent LinkedIn discussion between colleagues in our HIPAA Survival Guide group, a member posed an interesting question that probably doesn’t usually garner much attention in the general scheme of things when upgrading technology: If a company is a HIPAA Covered Entity and is migrating to Microsoft Office 365 (which is a cloud-based solution) … Read more