2018 Business Associate Healthcare Data Breaches

Episode 63: Know The Rules! 2018 Business Associate Healthcare Data Breaches

Healthcare Data Breaches

In this week’s “Know The Rules!,” I am reviewing healthcare data breaches reported by Business Associates in 2018 on the Health & Human Services (HHS) Office for Civil Rights (OCR) Breach Portal website.

Covered Entities (CEs) are not alone when it comes to experiencing a healthcare data breach.

Did You Know?

Business Associates (BAs) are at greater risk because of their limited knowledge, understanding, and/or implementation of the HIPAA Security and Breach Notification Rules in their organization.

BAs can be, and have been, held directly liable and subject to civil and, in some cases, criminal penalties for making uses and/or disclosures of protected health information (PHI) that were not authorized.

A Bad Year for Business Associates

2018 was a very bad year for healthcare data breaches reported by BAs. Between January and December 2018, there were 39 different BA healthcare breaches added to the OCR ‘Wall of Shame’, potentially compromising the health information of 5,487,456 individuals.

These 39 healthcare breaches are made up of 16 reported by BAs as Unauthorized Access/Disclosure of PHI and 23 reported by BAs as Hacking/IT Incidents.

That’s 36 new Business Associates immortalized on the ‘Wall of Shame’ who now have OCR in their business affairs – this is NOT a place you EVER want YOUR business to be in. But wait, didn’t I just tell you there were 39 different BA healthcare breaches? Clearly, you were paying attention; that is because 3 different organizations were already on the list!!

Remember: Keeping your PHI secured and maintaining HIPAA compliance is YOUR responsibility!

Covered Entities and Business Associates need to understand that your patients are entrusting YOU with their most private and intimate details, and they expect them to remain secure.

Besides, it is YOUR practice, YOUR patients, YOUR reputation and YOUR legacy! Why are you leaving yourself wide open to such risks?


Join us in the HIPAA for Business Associates Facebook group to learn how HIPAA applies to YOUR organization, and YOU too can become a defender of PHI!!
