HIPAA changes likely to put onus on vendors to protect data

Health IT companies that deal with patient data are more likely to be on the hook for data breaches when highly anticipated changes to the Health Insurance Portability and Accountability Act are announced within the next few months, according to an article posted to Mass High Tech. Attorney Stephen Bernstein, with Boston-based McDermott Will & Emery LLP, told Mass High Tech in an email that companies contracted with HIPAA-covered entities should "be prepared to handle ... data securely and follow both what is stated in the business associate agreement and the requirements under the [Health Information Technology for Economic and Clinical Health] Act." Despite the expectations, however, Bernstein added that he wouldn't be shocked if the changes take such vendors by surprise. Article