Organizations, known as covered entities, subject to HIPAA regulations already have a difficult time preventing and detecting unauthorized access to patient information within their own organizations – now they have the added burden of managing the access of business associates. This was the case with Meritus Health, who recently notified the Department of Health and Human Services’ Office for Civil Rights that one of their business associates had inappropriately accessed patient information. … [Read more...]
Meritus Health Business Associate Breach
On June 26, 2015, Meritus Health reported to the U.S. Department of Health and Human Services’ Office for Civil Rights a potential privacy breach associated with protected health information (PHI). The incident was found in May during a routine compliance and self-audit. During the investigation it was found that an employee of one of their business associates had inappropriately accessed patient records. While business associates may have access to the protected health information held by … [Read more...]
PHI – Protected Health Information
HIPAA, the Health Insurance Portability and Accountability Act, directly affects all organizations that directly maintain and transmit protected health information. These include: health care providers hospitals physician practices dental practices health plans laboratories health care clearinghouses pharmacies, etc. In addition, business associates who work with these organizations and have access to protected health information, or PHI, now also fall under the HIPAA … [Read more...]