As advancements in health information technology allow increased access to Protected Health Information, covered entities and business associates face an uphill struggle to protect patient data and privacy.
Adding to the complexity are industry trends around the renewed focus on vendor relationships and compliance, along with the Office for Civil Rights’ (OCR) heightened scrutiny of BAs. In fact, OCR’s enforcement measures have targeted poor Business Associate Agreement management, emphasizing incidents in which the business associate (BA) was at fault.
More than ever before, covered entities (CEs) must focus on the risks and threats posed by their BA activities. The impact of BA breaches on patients of a CE can range from cases of identity theft to exposure of…
