Published on

Electronic health records have fostered easier access to vital information—clearly a benefit to providers and patients—but they’ve also been the font of data breaches involving the records of nearly 33 million individuals since 2009. Part of the problem lies with dishonest or inept contractors (or “business associates”) that may not have the expertise to construct proper security measures. Now those business associates are going to be targeted for HIPAA audits by the Department of Health and Human Services’ Office for Civil Rights (OCR). The expressed aim of that second round of audits is to help separate the capable and committed vendors who will make a sincere effort to be HIPPA-compliant from those that will not. That improved visibility could end up giving healthcare organizations more leverage when it’s time to negotiate new contracts. The OCR estimates that 21% of healthcare data breaches in the past seven years have involved business associates.

Next Round of HIPAA Audits Aim to Prevent Data Breaches