Standards that are "addressable" provide some flexibility to covered entities in that if the covered entity
decides that the addressable implementation specification is not reasonable and appropriate, it must document that determination and implement an equivalent alternative measure, presuming that the alternative is reasonable and appropriate.
By this date, each covered entity
will be required to complete its first required risk assessment under written policies and procedures, and document its findings.
Business associates are any organizations that provide services or products to the covered entity
, as indicated by the parameters of a BAA between the two parties.
Any covered entity
or business associate that inappropriately shares PHI is in big trouble and has breached the law.
b) Authorized User means any employee, contractor, agent or other Person that participates in the business operations of a Covered Entity
and is authorized to access and use any Information Systems and data of the Covered Entity
In the event of a cyber attack on a covered entity
, the ANPR is intended to enhance the covered entitys
ability to continue to function and to reduce the overall impact on the financial system resulting from interconnectedness.
Multiple breach reports coming from the same covered entity
or business associate.
Every covered entity
and business associate is eligible for an audit, the OCR noted.
As to growth, the number of covered entity
sites nearly doubled in
Additionally, effective February 18, 2010, many of the provisions of HIPAA also apply directly to "business associates," a term that generally encompasses an entity that performs a function or activity on behalf of a covered entity
or provides certain specific services for a covered entity
and has access to PHI.
Ideally, the person must also not be (or has been) a member of the executive committee of the board of directors, or an officer or employee, of the covered entity
, its subsidiaries, affiliates or related companies during the three-years immediately preceding the date of his election
The Security Rule's main objective is to protect ePHI and its operation and maintenance by the covered entity
as well as, for all intents and purposes, the related business associate.