Healthcare Data Breaches
In this week’s “Know The Rules!,” I am reviewing healthcare data breaches reported on the Health & Human Services (HHS) Office of Civil Rights (OCR) Breach Portal website by Business Associates in 2018.
Did You Know?
Business Associates (BAs) are at greater risk because of their limited knowledge, understanding, and/or implementation of the HIPAA Security and Breach Notification Rules in their organization.
BAs can be, and have been, held directly liable and subject to civil and, in some cases, criminal penalties for making uses and/or disclosures of protected health information (PHI) that were not authorized.
A Bad Year for Business Associates
2018 was a very bad year for healthcare data breaches reported by BAs. Between January and December 2018, there were 39 different BA healthcare breaches added to the OCR ‘Wall of Shame’, potentially compromising the health information of 5,487,456 individuals.
These 39 healthcare breaches are made up of 16 BAs reported for Unauthorized Access/Disclosure of PHI and 23 BAs reported for Hacking/IT Incidents.
That’s 36 new Business Associates immortalized on the ‘Wall of Shame’ who now have OCR in their business affairs. This is NOT a place you EVER want YOUR business to be. But wait, didn’t I just tell you there were 39 different BA healthcare breaches? Clearly, you were paying attention; that is because 3 different organizations were already on the list!!
Remember: Keeping your PHI secured and maintaining HIPAA compliance is YOUR responsibility!
Covered Entities and Business Associates need to understand that your patients are entrusting YOU with their most private and intimate details, and they expect them to remain secure.
Besides, it is YOUR practice, YOUR patients, YOUR reputation and YOUR legacy! Why are you leaving yourself wide open to such risks?
Join us in the HIPAA for Business Associates Facebook group to learn how HIPAA applies to YOUR organization, and YOU too can become a defender of PHI!!