HIPAAcraticRx - The Prescription for HIPAA Compliance


Latest HIPAA Breach Involves Business Associate

March 8, 2019

 

Another day, another data breach … this time involving a business associate in charge of medical records storage, Sharecare Health Data Services (SHDS).

 

AltaMed Health Services (AltaMed) and California Physicians Services (doing business as Blue Shield of California (BSC)) recently received notice that a hacker was able to acquire and/or access patients’ protected health information (PHI) contained in the medical records kept by SHDS on behalf of the two healthcare entities. The breach of AltaMed’s data was discovered on June 22, 2018, and the breach for BSC was discovered a few days later on June 26, 2018. Upon investigation, officials determined that both breaches went undetected for over a month and actually began on May 21, 2018. SHDS did not notify AltaMed or BSC of the breach until December 31, 2018. The exact number of affected individuals is not yet certain but is at least in the tens of thousands.

This is another example of why covered entities need to stay vigilant, not only about their own compliance but also about that of their vendors who may have access to PHI. Even though the breach occurred at the business associate and not the covered entity, the covered entity is still responsible for providing notice to affected individuals, which often requires significant money and resources. Breaches caused by business associates can lead to costly investigation, notification, and mitigation efforts for covered entities. Therefore, covered entities should work to ensure that they have the following:

  • Business associate agreements with all vendors handling PHI

  • Contractual protections, including indemnification provisions

  • Cyberliability insurance coverage, and an understanding of how that coverage applies to breaches by vendors

HIPAAcraticRX provides tools, training, documentation and support to both covered entities and business associates, to make sure you and your vendors are covered at all times. To read this article in its entirety, visit The National Law Review.

 

 

 
