Survey: Business associates not prepared for new HIPAA breach notification rules

About one-third of companies considered business associates of healthcare providers under HIPAA were not even aware that they are now as responsible as providers for protecting electronic patient information, according to a new survey commissioned by security vendor ID Experts and conducted by HIMSS Analytics. Even more were not prepared to comply with the new breach notification rules that took effect in September. However, 87 percent of providers surveyed said they were aware of the new HIPAA requirements, called for by the American Recovery and Reinvestment Act.

This, the BNA Health IT Law & Industry Report says, should represent more of a call to action than a reason to panic. "We really have a tremendous need for education," HIMSS senior director of privacy and security Lisa Gallagher tells the newsletter. "There is no sense wringing hands over this. Let's get to work."

Hospitals apparently are getting to work. In the survey, 85 percent of providers said they would take steps to protect data shared with business associates, and 47 percent said they would terminate contracts with business associates that breach patient confidentiality.

To learn more:
- download the HIMSS Analytics report (.pdf)
- read this Healthcare IT News story
- take a look at this InformationWeek piece