HIPAA Breach: Who You Gonna Call?
Everyone knows that you call a plumber for a leaking pipe, a mason for a cracked stonewall, and an electrician to fix faulty wiring. However, when faced with an actual or suspected HIPAA data breach, many folks struggle with determining whom to call. Failure to have contacts lined up ahead of time may pose more than an inconvenience–any delay in bringing in experienced advisors to assist with breach investigation, response and mitigation may result in significant financial and legal consequences. HIPAA covered entities and business associates should have a written breach response policy and protocol. The policy and protocol should provide clear guidance to the covered entity’s or business associate’s…
Can I Be Sued for a HIPAA Violation?
I am asked that question almost weekly. While the answer has traditionally been “no,” the legal landscape is shifting and the risk of being sued continues to increase. Let’s first start with some background. As some of you may know, HIPAA does not include a “private right of action.” This means that an individual may not file
a claim against a covered entity or a business associate in order to enforce HIPAA or seek damages in response to a HIPAA violation. For example, a patient is not able to sue a dentist if the dentist fails to distribute a Notice of Privacy Practices or enter into a business associate agreement….
Business Associate Agreements – a First Look at Indemnification
A party’s responsibilities under HIPAA generally come from two sources – the law itself and the business associate agreement entered into between the covered entity (the health care provider or health plan) and the business associate (its vendor). While all parts of a business associate agreement are important, there are certain terms that are most likely to affect the parties’ liability and obligations. One of these key terms is. and it is often the section of the business associate agreement that lawyers most often fight over. Folks often wonder why lawyers tend to focus so much on this section, and the short answer is that when things go wrong–such…
Gmail, Google Apps for Business HIPAA Business Associate Agreements