Manage

HIPAA violation examples: The five most common mistakes

By

Kristen Lee, News Writer

2/6

HIPAA business associate agreement, or lack thereof, causes problems

Source: yogysic/iStock

Visual Editor: Sarah Evans

One way that HIPAA is often violated is in relation to HIPAA business associate agreements, according to the Office for Civil Rights (OCR). Or, more accurately, the lack thereof.

A HIPAA business associate agreement (BAA) is a contract between a HIPAA-covered entity, such as a hospital, and the organization or person providing services to the covered entity, such as a HIPAA business associate. The BAA protects personal health information (PHI). For example, an accounting or consulting firm that works with a hospital would be considered a HIPAA business associate.

In some cases, however, it can be difficult to identify who qualifies as a HIPAA business associate. One example of this is app developers. The U.S. Department of Health and Human Services released guidance for healthcare app developers in February 2016 detailing specific examples and scenarios to help developers understand whether their app deals with PHI and, therefore, needs to be HIPAA compliant.

View All Photo Stories

SearchCompliance

How to evaluate and select GRC vendors and tools
There is a variety of governance, risk and compliance software on the market. Learn about some of the available products and how ...
10 CCPA enforcement cases from the law's first year
It's been more than a year since CCPA enforcement began, and organizations started hearing from the California attorney general. ...
Use ISO 22332 to improve business continuity plans
Standards offer guidance on business continuity and disaster recovery plans. ISO 22332 is no exception, providing great detail on...

SearchCIO

China wants more say in setting global technology standards
China wants a bigger seat at the global technology standards-setting table, and experts advise the U.S. to take a cautious yet ...
How to harness the disruption of hyperautomation
Hyperautomation technologies will disrupt business and IT operations, but smart organizations can use them as fuel for successful...
What are the pros and cons of shadow IT?
As employees continue working remotely, the prevalence of shadow IT grows. This inevitability is forcing IT leaders to weigh the ...

SearchCloudComputing

3 best practices for Amazon S3 cost optimization
Everything a business runs in the cloud costs money, and AWS S3 storage is no exception. Smart AWS users understand how to adjust...
Google adds hardware flexibility to distributed cloud
Google Distributed Cloud Edge, available in preview, takes the company's cloud computing infrastructure to the private data ...
How to negotiate a cloud agreement that works
In a cloud initiative, the difference between disappointment and success is connected to the quality of the contract. Consider ...

SearchMobileComputing

Disney adopts Amazon's white-label voice assistant for hotels
The "Hey Disney" voice assistant is the first use of Amazon's white-labeled voice assistant in a major hotel chain. It will ...
Apple improves MDM on iOS, iPad OS
Changes to Apple's mobile device management protocol could lead to better MDM products for iPhones and iPads. The protocol update...
Microsoft brings Thunderbolt to Surface computers
The high-speed Thunderbolt 4 port introduced in the Surface Laptop Studio and Surface Pro 8 will replace the USB-C ports found in...

SearchSecurity

Burned by Apple, researchers mull selling zero days to brokers
Security researchers have grown frustrated with Apple's lack of communication, ‘silent patching’ of vulnerabilities, denial of ...
Google digs into Iran's APT35 hacking group
Covert phishing tactics and cleverly disguised notifications are among the calling cards of the increasingly sophisticated ...
Enterprises ask Washington to step up cyber collaboration
During CISA's National Cybersecurity Summit, critical infrastructure companies said they need better information on cyberthreats ...

SearchStorage

Dell EMC Container Storage Modules hit general availability
Dell EMC announced the general availability of its six Container Storage Modules that are designed to make legacy storage ...
Faster block storage, Actifio's fate outlined at Google Cloud Next
Google Cloud Next announcements expand Google Cloud's enterprise storage portfolio with future native Actifio data protection and...
Qumulo, Levi's Stadium kick off into clouds for storage savings
Levi's Stadium, home of the San Francisco 49ers, moves data into the cloud and reduces data center redundancy with Qumulo by ...

Close