If there is one life-or-death issue for a Covered Entity and its Business Associate, it has to be HIPAA compliance. This is one point that could determine whether they will continue to be in business or fold up. This underlines the criticality of HIPAA compliance for a Covered Entity and a Business Associate.
While providing the appropriate patient rights and controls on its uses and disclosures is important to show compliance with HIPAA, a Covered Entity or a Business Associate needs to do more: it also has to demonstrate this.
The CE or BA should also have performed the appropriate analysis of the risks to the confidentiality, integrity, and availability of electronic Protected Health Information (PHI). Unless this is done in a compliant manner, the CE or BA cannot ensure that it is protecting the PHI from vulnerabilities. Loss of a device holding data, accidental acts or…