Data handlers not prepared for breach: survey
Thousands of “business associates” handle millions of healthcare records on behalf of “covered entities” as defined under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). According to a survey by HIMSS Analytics, a large percentage of these data handlers may be unprepared to meet the heightened security obligation under new federal law. Read about these new security obligations in last month’s industry news article, Breach Notice Rules Take Effect.
About one in three business associates surveyed were unaware that the American Recovery and Reinvestment Act of 2009 that became law in February extended HIPAA privacy and security requirements to directly cover them, according to HIMSS Analytics.
Some hospitals are having problems with data security, according to the survey. More than half (52%) of large hospitals, a third (33%) of medium-size hospitals and a quarter (25%) of small hospitals in the survey reportedly experienced a data breach in the past year.