Directly addressed in HHS' press release regarding the WellPoint
settlement, HHS instructs covered entities and their business associates to
have in place reasonable and appropriate technical, administrative, and
physical safeguards to protect the confidentiality, integrity, and
availability of ePHI.  As previously discussed on the Data Privacy Monitor,
beginning September 23, 2013, liability for HIPAA violations will extend
directly to business associates that receive or store PHI.

http://www.mondaq.com/unitedstates/x/251444/data+protection/HHS+OCR+Sends+Message+To+CEs+And+Their+BAs+Protect+ePHI+Accessible+Over+The+Internet&email_access=on

If you are a consultant offering services to anyone in the health services
field or a commercial storage services firm that stores information for
clients in the health services industry, pay close attention to this ruling.

On Sept 23 of this year, everything in this will potentially impact you, if
your contractual agreement or your responsibilities identify you as a
"business assoiciate".

The HHS has been getting closer and closer to making this a reality over
the past 3 years, but by doing this, they are allowing the health services
industry to deflect some of the risk away form themselves and to "spread
the pain" to their business associates.

Larry
[log in to unmask]

-- 
*Lawrence J. Medina
Danville, CA
RIM Professional since 1972*

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]