Health IT Pulse

Sep 9 2011   11:37AM GMT

Will your business associates cause a health care data breach?

AnneSteciw

Tags:
Data breach
HIPAA business associate
HIPAA violations

No health care organization is immune to a data breach. Health care data breach notifications have been on the rise since the Office for Civil Rights began collecting them, and this year has even seen reports of breaches from HIPAA auditors.

The latest health care data breach to make headlines — Stanford Hospital’s report that data on 20,000 emergency room patients had been posted to a public website for nearly a year — only reinforces the notion that no one is immune to risk. It also highlights the importance of knowing what your business associates are doing with your health care data.

According to the New York Times article, Stanford’s breach was caused by a billing contractor identified as Multi-Specialty Collection Services, which created a spreadsheet as part of a billing-and-payment analysis for the hospital. It is not clear who posted the spreadsheet to a commercial homework review website, where it remained publicly available for almost a year before a patient reported the breach to Stanford Hospital on August 22. The spreadsheet was promptly removed from the site by administrators. The hospital immediately suspended its relationship with the contractor and requested assurance that the file would be returned or destroyed immediately.

One month earlier, Beth Israel Deaconess Medical Center posted a breach notification to its website, reporting “a potential breach of protected health information as a result of the failure of a vendor to restore security controls following routine maintenance.” The vendor’s error left a BIDMC computer vulnerable to a virus, causing it to transmit data to an unknown location.

With hundreds — or even thousands — of business associates at play in health care, it’s not surprising that so many breaches are happening. A recent survey shows that data breach sufferers are in good company: Over 70% of survey respondents claimed to have had a breach of protected health information in the last year.

That’s a pretty big percentage. To help minimize the risk of a data breach, health care providers should consider reviewing and updating their HIPAA business associate agreements (BAAs) to ensure that business associates have patient-data protections in place. Don’t let your business associates put your organization’s name in the headlines as the next perpetrator of a health care data breach.

7  Comments on this Post

 
  • SearchHealthIT
    Stanford U #healthcare #databreach shows importance of reviewing #HIPAA business associate agreements http://t.co/ku9wzVs #HealthIT
  • Jenny Laurello
    Are your business associates going to cause a health care data breach? http://t.co/jEInsMm #HITpol #HITsm #EHR #HealthIT
  • Curaspan
    RT @HITExchange: Are your business associates going to cause a data breach? http://t.co/pH5rZdi Good reason for electronic communications
  • Health IT
    RT @HITExchange: Are your business associates going to cause a health care data breach? http://t.co/r4dHYwr #EHR #HealthIT #infogov
  • Jenny Laurello
    Are your business associates going to cause a #healthIT #databreach? http://t.co/jEInsMm #HITpol #HITsm #EHR #EMR
  • Stillerman Law Firm
    Will your business associates cause a health care data breach? http://t.co/IEA2z6e #healthlaw
  • Data Breach News | Securing Reality™
    [...] stories caught our eye last week, following the Stanford breach reported earlier this month: •    The San Antonio, Texas TRICARE affair involving the loss [...]
