According to the recent ISMG “Healthcare Information Security Today Survey,” many covered entities consider their business associates’ inadequate security precautions one of the top threats their organizations face. With the advent of the Omnibus Rule, many business associates became directly responsible for safeguarding the protected health information (PHI) that they come into contact with. However, many of them are still not following proper security practices, putting themselves and the covered entities they serve at increased risk. Our latest infographic highlights the risks associated with business associates, as well as examples of recent breaches that occurred at business associates.
You can view or download the full infographic below, but here are a few points we wanted to highlight:
- 73% of healthcare organizations are either not confident or only somewhat confident that their BAs would be able “to detect, perform an incident risk assessment and notify their organization in the event of a data breach incident.”
- 87% of business associates have had multiple security incidents in the last two years.
- Only 58% of business associates say they perform a 4-factor risk assessment following each security incident, as required under the Omnibus Final Rule.