Organizations, known as covered entities, subject to HIPAA regulations already have a difficult time preventing and detecting unauthorized access to patient information within their own organizations – now they have the added burden of managing the access of business associates. This was the case with Meritus Health, who recently notified the Department of Health and Human Services’ Office for Civil Rights that one of their business associates had inappropriately accessed patient information. … [Read more...]
Meritus Health Business Associate Breach
On June 26, 2015, Meritus Health reported to the U.S. Department of Health and Human Services’ Office for Civil Rights a potential privacy breach associated with protected health information (PHI). The incident was found in May during a routine compliance and self-audit. During the investigation it was found that an employee of one of their business associates had inappropriately accessed patient records. While business associates may have access to the protected health information held by … [Read more...]