Data Destruction and HIPAA Competence as Related to IT Support Companies: HIPAA & HITECH Act Blog by Jonathan P. Tomes with Guest Commentator Michael B. O’Hara, CISSP
Michael B. O’Hara’s narrative, part 1: Recently, my company, KB Computing, LLC, lost a managed services client. The reason, as it so often is, was .. read more
American Bar Association Publishes Book on What Are International HIPAA Considerations? HIPAA & HITECH Act Blog by Jonathan P. Tomes
Many covered entities and “upstream” business associates use foreign companies to perform services for them that make them business associates. The most common of these .. read more
Is Office 365 HIPAA Compliant? HIPAA & HITECH Act Blog by Jonathan P. Tomes with Guest Commentator Brent Sadler
The following question came through our website: “Hello “I was wondering if you can answer a question. I realize email and EPHI is an ongoing .. read more
Appendix A to the Business Associate Agreement: HIPAA & HITECH Act Blog by Jonathan P. Tomes
Often, my office gets calls and emails asking what Appendix A is to such an agreement and what should it say. We get these questions .. read more
Phase II Audits: HIPAA Privacy, Security, and Breach Notification Heads Up: HIPAA & HITECH Act Blog by Jonathan P. Tomes
Section 13411 of the HITECH Act requires the Department of Health and Human Services (“DHHS”) to audit covered entities and business associates to ensure that .. read more
Business Associates? How Low Can You Go? HIPAA & HITECH Act Blog by Jonathan P. Tomes
The Omnibus Rule effectively made “downstream” business associates—that is, subcontractors—into business associates and thus effectively into covered entities. They are now effectively if not by .. read more
What Legal Support Services Need to Know About HIPAA: HIPAA & HITECH Act Blog by Jonathan P. Tomes
Legal support services have become an important part of the legal system. Such services include the following: service of process; obtaining, translating, copying, and assembling .. read more
Potential Business Associate Screening Questionnaire Now Available on Premium Member Section: HIPAA & HITECH Act Blog by Jonathan P. Tomes
You do not necessarily have to ask a potential business associate to complete all or portions of the questionnaire that I have developed and made .. read more
New Confidentiality Agreement with a Custodial Service Posted in Premium Member Section: HIPAA & HITECH Act Blog by Jonathan P. Tomes
We do not believe that a HIPAA covered entity or upstream business associate should enter into a business associate agreement (“BAA”) with a custodial service .. read more
Insurance for HIPAA Violations? HIPAA & HITECH Act Blog by Jonathan P. Tomes
A Premium Member asked me what I recommended for the policy limits for insurance for HIPAA violations. Without obtaining a lot more information, such as .. read more