Finance
e-Newsletter
Intelligence Unit Special Reports Special Events Subscribe Sponsored Departments Follow Us

Twitter Facebook LinkedIn RSS

OCR Undecided on Including BAs in HIPAA Audits

Dom Nicastro, for HealthLeaders Media, August 5, 2011

Top business associate breaches
Per individuals affected, according to OCR website:

IBM

Covered entity: Health Net, Inc. (Shelton, CT)
Date of breach: January 21, 2011
Approx. individuals affected: 1,900,000
Type of breach: Unknown
Location of breached info.: Other
More information

GRM INFORMATION MANAGEMENT SYSTEMS

Covered entity: New York City Health & Hospitals Corporation's North Bronx Healthcare Network (New York, NY)
Date of breach: December 23, 2010
Approx. individuals affected: 1,700,000
Type of breach: Theft
Location of breached info. Electronic Medical Record, Other
More information

IRON MOUNTAIN DATA PRODUCTS, INC. (NOW KNOWN AS ARCHIVE DATA SOLUTIONS, LLC)

Covered entity: South Shore Hospital (Weymouth, MA)
Date of breach: February, 26, 2010
Approx. individuals affected: 800,000
Type of breach: Loss
Location of breached info. Portable Electronic Device, Electronic Medical Record, Other
More information

 See Also:
 
 

 


Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.
1 | 2 | 3

Comments are moderated. Please be patient.

2 comments on "OCR Undecided on Including BAs in HIPAA Audits"


Daniel W Berger (8/6/2011 at 1:15 PM)
Business Associates are most often the largest "surface area" of ePHI breach risk in hospitals. We highly recommend that OCR include BA's in their HIPAA audit program. In fact, this would be one of the most important things OCR do to assist hospitals with maintaining HIPAA compliance and safeguarding ePHI. It helps the hospitals hold their BA's more accountable.

Mark Meade (8/5/2011 at 10:41 AM)
With over 39% of work age Americans not having jobs ,unemployment figures only count those actively seeking work, the government is going on a crusade against business over HIPPA privacy laws. This is the same government that refuses to prosecute violators who publish medical information claiming freedom of the press. One could draw a parallel to arresting homeowners who have been burglarized for allowing a thief to rob them.