Electronic data has created the opportunity to lose thousands of patient records in just a few seconds. Enforcement is at unprecedented levels. Compliance needs to be a business strategy because your risks are growing every day, and new rules extend compliance beyond you to your business partners, and on to their subcontractors. The chain can get long and you cannot afford a weak link.
HIPAA Business Associates have been responsible for many data breaches. The federal data breach website shows that over 20% of data breaches were caused by Business Associates. Omnicell, a company that provides medical dispensing carts to health care providers, recently breached 68,000 patient records after an employee downloaded data to a laptop, which was then stolen.
A HIPAA Business Associate is a person or business that (a) is not part of your workforce and (b) comes in contact with your Protected Health Information (PHI) in the course of your relationship. Some are obvious, and some may surprise you.