How to Avoid Multi-Million-Dollar HIPAA Phone & Data Penalties
The Office for Civil Rights just announced a $3 million penalty against Touchstone Medical Imaging, partly because Touchstone “failed to have business associate agreements in place with its vendors, including their IT support vendor and a third-party data center provider as required by HIPAA.”
This is the first penalty that clearly states third-party data centers are Business Associates. Third-party data centers can include co-location facilities where you store your own servers and network devices, and cloud services that allow you to configure and manage your own servers using infrastructure they own. Other cloud services provide software-as-a-service, like Microsoft Office 365, cloud-based Electronic Health Record systems, and cloud-based Voice over IP (VoIP) phone services that record messages, record calls, and convert voice messages to emails.

Healthcare IT Today