07-15-11 | Blog Post
A key component of the HITECH Act was the tightening of HIPAA compliance and enforcement. Specifically, with the increased use of electronic medical records containing protected health information that was anticipated, lawmakers emphasized the security of such information.
One targeted area was the responsibilities and liability placed on business associates of health care providers, otherwise known as covered entities. Essentially, the HITECH Act took into consideration the safeguards that were required for covered entities and placed those exact expectations on business associates.
Additionally, when a HIPAA breach occurs that affects more than 500 individuals, the covered entity and business associate, if applicable, have the responsibility to report the breach to the U.S. Department of Health and Human Services as well as local media in an effort to notify the affected individuals.
Between January 2010 and March 2011, approximately 272 HIPAA violations occurred in the U.S. Twenty-one percent of those breaches involved a business associate of a covered entity. This may seem like a lower than expected number. However, digging into the details further, we found that a total of approximately 10,800,000 individuals were affected by these breaches. Of the 10,800,000 affected individuals, approximately 6,000,000 involved a business associate. This represents 56% of all affected individuals.
The cost in damage control for HIPAA breaches is always calculated on a per individual basis. As HHS continues their effort in selecting and carrying out HIPAA audits, we are certain that a focused effort will be placed on business associate relationships. Additionally, larger covered entities will become more aware, and less tolerant of their vendors ability to establish, prove and manage HIPAA compliance.
Joe Dylewski, President, ATMP Group
Joseph Dylewski is a twenty-three year Information Technology Professional veteran, with eight years spent exclusively in the Healthcare Industry. In addition to holding positions as a Project Manager and Director of Information Technology, Joseph has also served as a Healthcare IT Services Practices Director and Account Manager with a proven track-record of successfully delivering end-to-end IT application and infrastructure project services. Joseph also currently serves as an Assistant Professor at Madonna University.