With Eyes Wide Open: How to Manage Vendor Compliance Liability

manage vendor compliance liability

Ever feel like your efforts to avoid compliance liability just turned into a game of hot potato? Is it a vendor responsibility (business associate or other third party) or yours? Consider cloud service providers (CSPs) as an example. Maintaining HIPAA compliance brings unique challenges to anyone working in or with the cloud. Don’t assume your … Read more

Are Business Associates Taking the Hit for CEs?

HIPAA and business associates

Looks like it could be a thing. All business associates (BAs), from super small, like small agency web hosting companies or medical transcriptionists, to large TPAs or data aggregation services, need to pay attention.  The recent settlement of Jelly Bean Communications LLC with the Department of Justice – yes, you read that right, the DOJ … Read more

New NPRM Makes Changes Geared to Reproductive Privacy Under HIPAA

NPRM relates to reproductive privacy under HIPAA

You’ve likely heard by now that the Office for Civil Rights (the OCR) published a Notice of Proposed Rulemaking (NPRM) on April 17, 2023, that makes changes to the HIPAA Privacy Rule to promote reproductive privacy (see the HHS Fact Sheet). The new NPRM makes changes related to uses and disclosures, and Notices of Privacy … Read more

What the End of PHE Means to Telehealth Services

telehealth services after PHE

Hello everyone!  The White House just announced that the COVID-19 Public Health Emergency (PHE) will end on May 11, 2023. This directly affects how telehealth services can be delivered. If you haven’t blocked out all memories of Spring 2020, you may recall that the Office for Civil Rights issued a Notice of Enforcement Discretion on … Read more

Apgar & Associates Achieves HITRUST® Readiness Licensee Designation

Apgar and associates-Logo

Designee builds on commitment to furthering excellence in the healthcare sector’s information security and privacy programs. PORTLAND, Ore., October 12, 2022 (Newswire.com) – Apgar & Associates, LLC today announced that it is designated as a HITRUST Readiness Licensee. With this achievement, Apgar & Associates is approved by HITRUST to perform consulting and readiness work for organizations looking … Read more

On the untimely passing of Chris Apgar, Founder of Apgar & Associates

Chris Apgar passes away

We at Apgar & Associates, LLC, are deeply saddened to share that Chris Apgar passed away unexpectedly this past weekend. As you may know, Chris founded Apgar & Associates over a decade ago. Chris and I have been life and business partners for years, helping hundreds of clients navigate complex information security and privacy issues. … Read more

Audit Log Monitoring: Tiresome But Oh-So-Necessary

audit-log-monitoring

Audit log monitoring is probably one of the most unsexy, uninteresting activities a healthcare organization or business associate has to do.  But neglect it at the risk of your solid bottom line and reputation. Last time we talked about how you can get into legal (and costly) hot water with badly aligned policies and procedures … Read more

Healthcare Organizations: What can get you into [costly] hot water?

healthcare org costly hot

For healthcare organizations and the businesses that support them, regulation and legislation too often turn into lawsuits and settlements. What’s happening to get you into trouble in the first place? How can you avoid the serious costs they bring – to the bottom line and to reputation? Here’s what Julia and I often see from … Read more

What’s the California Assembly’s Course Correction mean to CCPA?

CCPA Course Correction HIPAA Exemption

Well, remember the issues around what the “HIPAA exemption” in the California Consumer Privacy Act (CCPA) really applied to?  We wrote about it here all the way back in May 2019. Turns out our impression was correct – so correct that California just passed a law to correct it! Here’s the skinny: On September 5, … Read more