21 minutes | Oct 22, 2019

HIPAA Horror Story: Business Associate Breaches

Why should a lawyer who doesn’t represent health care or insurance companies be concerned about HIPAA? One of the largest health care data breaches, which compromised nearly 25 million individuals’ records, didn’t occur at a hospital or clinic – it was the result of a billing/collection company breach.Betsy Mountenay, analysis manager at Bloomberg Law who focuses on health care, interviews Iliana L. Peters, a shareholder and health law attorney at Polsinelli in Washington, DC. Peters is the former acting deputy director and senior advisor for HIPAA compliance and enforcement at the Department of Health and Human Services Office of Civil Rights.Mountenay and Peters discuss how non-health care entities can violate HIPAA if they’re in a business associate relationship. According to a Bloomberg Law analysis, 25% of data breaches reported since 2016 happened on a business associate’s watch.Congress is also starting to scrutinize the vendor selection process for health care companies. A wide variety of tech companies working with health care companies could be expected to have stronger HIPAA safeguards. At the same time, many medical-related apps providing services directly to consumers may not be covered under HIPAA. Peters and Mountenay also discuss enforcement areas that HHS state agencies are focusing on.Listen and subscribe to Law X.0 from your mobile device: Via Apple Podcasts | Via Stitcher | Via Overcast | Via SpotifyHosts: Dori Goldstein and Meg McEvoy, Guest Host: Betsy Mountenay Guest: Iliana Peters, shareholder and health care attorney at Polsinelli Producer: RJ Jewell
Play Next