The facts of life for HIPAA business associates


Flask Data provides a one-stop cloud subscription for EDC, data management and statistics.

If you are a biomed vendor and you collect any kind of PHI (protected health information) in your medical device or store information in the cloud (including public cloud services like Google Drive and Dropbox), you need to be aware of US healthcare information privacy regulation.

As a medical device vendor selling to healthcare providers, hospitals, physicians and health information providers in the US, you may be directly liable for violations of the HIPAA Security Rule for impermissible use and disclosure of PHI (protected health information) in any form, paper or digital.

You cannot hide behind your contract with the covered entity or sub-contract your services to another entity.

You must now comply with the HIPAA Security Rule yourself.

In the past you could rely on your business contract with your covered entity customer as a business associate.

The Final Rule makes business associates of covered entities directly liable for Federal penalties for failures to comply.

The Security Rule’s administrative, physical, and technical safeguards requirements in §§ 164.308, 164.310, and 164.312, as well as the Rule’s policies and procedures and documentation requirements in § 164.316, apply to business associates in the same manner as these requirements apply to covered entities; business associates are now civilly and criminally liable for violations of these provisions.

When a breach of patient privacy occurs, business associates and their sub-contractors must notify HHS if more than 500 records have been disclosed.

The HIPAA Final Rule becomes effective March 26, 2013. Everyone has to comply by September 23, 2013. That includes medical device vendors like you.

I’m a small biomed startup – what should I do?

Smaller or less sophisticated biomed vendors may not have engaged in the formal safeguards required by the HIPAA Security Rule, and may find the Final Rule new and even intimidating territory.

Software Associates specialize in software security and HIPAA compliance for biomed. We use a robust threat modeling process that analyzes multiple threat scenarios and generates best-fit, cost-effective safeguards, a highly effective way of achieving robust software security and HIPAA compliance.

We will help you achieve HIPAA compliance and implement the right safeguards for your product.

Please feel free to contact us at any time and ask for a free phone consultation.
