HIPAA Update: New Rules, New Challenges. Jill Moore April 2013 . New Rules. Business Associates. A person or entity that creates, receives, transmits, or maintains PHI in the course of providing business or administrative functions for a covered entity
You may need to dust off your HIPAA jargon dictionary.
Risk analysis factors
Nature and extent of PHI, including types of identifiers & likelihood of re-identification
Unauthorized person who received disclosure or used PHI
Whether PHI was actually acquired and viewed
Extent to which any risk to PHI has been mitigated
In an investigation, expect HHS to request copies of your policies. You will want them to be readily accessible and up-to-date.