Turning great ideas into healthier communities


Comparing Breaches of Unsecured Protected Health Information Among Business Associates and Covered Entities in California and the United States

2017 | Download

More and more healthcare providers and insurers are contracting out aspects of healthcare administration, such as lab work and imaging, billing, and records management, to third parties. Known as Business Associates (BAs), these organizations and companies are independent from traditional Covered Entities (CEs), such as hospitals and health insurers. Because BAs are not exempt from data breaches, and in fact are vulnerable to them, there is an urgent need to understand the causes and impacts of breaches among BAs and to compare them to those of CEs.

This report examines this phenomenon nationally and in California over a six-year period to better understand the vulnerabilities and who is impacted, to help inform policy, and to improve consumer protection from data breaches of unsecured protected health information.