Business Associates to Pay for Data Breaches
DATA LOSS—U.S.February 8, 2010
A top official at the Office of Civil Rights (OCR) says business associates could be liable for health data breaches. Sue McAndrew, deputy director for health information privacy at the OCR, said it's possible that business associates will be required to pay the OCR out-of-pocket. "Business associates going forward will be directly liable for violations that occur in their possession," McAndrew said, speaking at the annual HIPAA Summit last week in Washington, DC. McAndrew also shared January breach data, noting that 35 data breaches affected 500-plus individuals last month.