HIPAA Covered Entities may be subject to civil money penalties and criminal penalties for HIPAA violations.
HIPAA stands for Health Insurance Portability and Accountability Act of 1996.
HIPAA Covered Entities (CEs) are healthcare providers who conduct certain financial and administrative transactions electronically with PHI (e.g., healthcare providers who submit claims electronically), Health Plans, and Health Care Clearinghouses.
PHI stands for Protected Health Information. It is any data containing at least one HIPAA identifier.
Business Associates (BAs) use or disclose Protected Health Information (PHI) while they conduct business with or on behalf of a HIPAA Covered Entity (CE), and are not members of the HIPAA Covered Entity's workforce.
Business Associate Agreements (BAAs) or Contracts outline how the HIPAA Covered Entity (CE) and the Business Associate (BA) will handle confidentiality, privacy, and security of Protected Health Information (PHI) involved.
Thus, a Business Associate Agreement (BAA) or Contract is required between a HIPAA Covered Entity (CE) and a Business Associate (BA), and between a Business Associate and its Subcontractors.
5-Do you respond to the threats and vulnerabilities identified in your SRA?
Updated: Feb 28
HIPAA Covered Entities and their Business Associates must respond to threats and vulnerabilities identified in their Security Risk Analysis (SRA). They must also maintain supporting documentation of their response.