Business Associates are the biggest HIPAA Breach vulnerability
Feds investigating a major breach at Medical Informatics Engineering (MIE), a medical records service provider based in Fort Wayne, Indiana, cited poor password management after computer hackers accessed the electronic protected health information (ePHI) of 3.5 million people.
The Office for Civil Rights, the federal agency that investigates HIPAA breaches, also determined MIE had failed to conduct a Comprehensive Risk Analysis prior to the hacking.
HIPAA Breach Investigations Usually Uncover More Violations
Health Insurance Portability and Accountability Act (HIPAA) rules require that all Business Associates and Covered Entities perform an accurate and thorough analysis of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information.
As a contractor serving health care providers, MIE is considered a “Business Associate.” Even though Business Associates do not treat patients, they have access to patient records and, consequently, are required to follow HIPAA rules.
A HIPAA Breach can lead to class action lawsuits
As a result of this HIPAA breach, MIE now faces a class action lawsuit claiming, among other allegations, that the illegal disclosure cost victims many hours filing police reports over fraudulent charges on various accounts.
Victims claim they must pay for identity theft monitoring for the rest of their lives as a result of the MIE breach. The suit claims more than $5 million in damages, affecting more than 100 victims in 19 states.
A HIPAA Breach Doesn’t Have To Happen
If you’re a Business Associate and don’t have an adequate risk management plan in place, The HIPAA E-Tool® can help.
If you’re a Health Care Provider (a HIPAA Covered Entity) and you’re not sure if the Business Associates who support your work are protecting your patients’ information, The HIPAA E-Tool® can help.
If you are confused about your HIPAA responsibilities, don’t spend another minute worrying. HIPAA compliance is easy — when you know the rules.