This article, written by HIPAA Secure Now! President and CEO Art Gross, was published over at Dermatology Times.
What happens if your business associate has a patient data breach?
Here’s a cautionary tale: A medical practice comes to us in a panic. It turns out the physician had received a letter from the Office of Civil Rights (OCR) ordering an investigation related to a patient data breach – not his own.
In this instance, the practice’s business associate (BA), a web hosting company, had committed the breach and exposed patient information, part of which ended up in a Google search. The web hosting company was investigated and is awaiting a final determination from OCR. But the medical practice was also being investigated because it had contracted the services of its provider.