HIPAA Compliance Blog

Anthem, Inc., a defined Business Associate that provided administrative support services for the Anthem Affiliated Covered Entities (Anthem ACE), has committed to a $16 million settlement to the U.S. Department of Health and Human Services, Office for Civil Rights (OCR). This is the largest settlement ever announced by OCR.

At the HIPAA Security Conference in DC that took place on October 18 & 19, 2018, one of the most valued speakers, Serena Mosley-Day, Acting Senior Advisor Compliance and Enforcement, HHS Office for Civil Rights.

Most expenditures undertaken by covered entities and/or their business associates to ensure compliance with the HIPAA Security Rule are related to network security, data storage, and endpoint access.

According to HIPAA mandates, a third party that engages with PHI or ePHI through the services it is contracted to provide to the covering entity (for example, a clinic, medical support, social services, or health organization) is considered a business associate.

In the throes of the back to school rush, it is easy for parents and guardians to forget about the impacts and function of HIPAA privacy and security safeguards and their attendant risks, which take place when those same safeguards are ignored or under/over-utilized.