How Do Business Partner Data Breaches Affect Your Practice?
Business associate agreements should be prioritized; collaborative policies can help patch attacks
TUESDAY, June 12, 2018 (HealthDay News) -- Data breaches affecting health care systems or their partners need to be addressed quickly, according to an article published in Medical Economics.
Noting that every successful breach against a health care system constitutes a Health Insurance Portability and Accountability Act violation, which must be reported, the authors discuss the importance of keeping an eye on business partners that might be compromised.
According to the article, knowing about a business partner's data breach early is important. The Department of Health and Human Services' (HHS') breach portal should be reviewed at least once a month as a precaution. Notifications about attacks that are trending or particularly dangerous can be received by joining additional e-mail lists. To protect a practice during an attack, care should be taken to prioritize business associate agreements (BAAs) with every vendor; in the case that a practice does not have a BAA with a vendor that handles protected health information, one should be signed immediately or the vendor should be replaced. Use of more proactive, collaborative policies can help patch attacks to address threats. Breaches should be reported as soon as possible; compliance officers or the HHS can provide detailed instructions on what to report and how.
"Comprehensive security standards and close collaboration with business partners can be a formidable barrier, but the most essential protective measures against ransomware and other data breaches are immediate notification and action," the authors write.