The number of breaches of unsecured protected health information (PHI) on record in the United States is staggering and continually increasing. Significantly, these records only cover breaches affecting 500 or more individuals. One can only wonder how many more breaches have occurred on a smaller scale. The types of breaches range from theft and hacking to improper disposal and unauthorized access resulting from negligence. According to the HIPAA Journal, between 2009 and 2019 there were 3,054 healthcare data breaches involving more than 500 records. Those breaches have resulted in the loss, theft, exposure, or impermissible disclosure of 230,954,151 healthcare records. That equates to more than 69.78% of the population of the United States.
Such incidents can be avoided if covered entities (companies involved in healthcare) ensure that all of their business associates are secured. There are many reasons why it is important to have secure business associates. Being aware of these reasons may prompt covered entities to take the necessary measures to protect their clientele's information:
Covered entities must be HIPAA compliant
All covered entities must comply with the HIPAA Privacy Rules and regulations. This includes ensuring that any business associates of health care companies provide satisfactory assurances (in writing) that they will only use the information given to them for the purpose of performing their services. They are also held accountable for failing to safeguard the PHI or disclosing it without authorization. If a covered entity fails to define its business associate agreements, it has violated the HIPAA Privacy Rule, which could result in civil and criminal penalties.
Having agreements on record will help in government investigations
According to the Department of Health and Human Services, failure to provide the Secretary with records and compliance reports, cooperate with complaint investigations and compliance reviews, or permit access by the Secretary to information pertinent to determining compliance, including protected health information (PHI), is a direct violation of HIPAA.
In the event of a security breach, government audits are customarily conducted. If the covered entity has all its business associate agreements at hand, this demonstrates to auditors that it is HIPAA compliant. It also helps them in their search for the source of the breach by showing them where to look next.
Companies with connections to medical records are under increased risk of attack
According to IDSeal, the healthcare industry in the United States was hard hit by data breaches in 2019, resulting in over 38 million records compromised through 450 specific breaches. Banking, education, government, and military were also prime targets for cybercriminals.
There are countless reasons why intruders may attempt to breach a health care provider's system. The most common are medical, financial and identity fraud, but blackmail and ransomware schemes are on the rise as well. The increased risk of data breaches in health care calls for increased security measures, and HIPAA is a practical starting point for companies desiring to secure their systems.
Clients will feel safe and secure when providing you with their personal information
Covered entities usually have access to personal information such as Social Security numbers, payment information and other personal data. Therefore, it is critical for clients to have peace of mind in knowing that their personal information is in safe hands. For many clients, being assured that their health care provider will not disclose their PHI to anyone, including employers, without their authorization, is important. Additionally, companies that are renowned for their HIPAA compliance could attract prospective clients to their doorstep.
For more information, view Giva's HIPAA-compliance protocol, including Business Associate Agreements (BAA).