Healthcare News & Insights

Can you trust business partners with your patient data?

In addition to privacy breaches caused by malicious employees, healthcare providers can also be susceptible to incidents related to employees of third-party business partners that are given access to sensitive data. 

UnityPoint Health, located in Iowa and Illinois, recently announced a data breach that compromised the records of close to 1,800 patients. The information stolen might include names, addresses, birth dates, medical information and health insurance account numbers, as well as Social Security numbers and driver’s license numbers for some patients.

Officials said the information was stolen by someone working for another company. The thief didn’t have access to patients’ records but was using other people’s passwords to get into the system.

The breach began in February and continued until August, when UnityPoint discovered the incident while conducting a security audit.

Protect patient information

The new HIPAA rules that went into effect last month help alleviate some of the compliance burden for providers by holding third-party business partners more accountable for privacy breaches.

However, even if a hospital manages to escape legal liability for a breach, it will still be hurt by an incident, as patients may switch providers and the organization’s reputation can be damaged.

Here are some of the lessons providers can learn from this incident and other health data breaches involving third parties:

  1. Before signing a deal with a business partner, conduct an assessment of the company’s security practices, including how it conducts background checks for employees. The hospital should also conduct regular audits to find any new vulnerabilities.
  2. Train users to be careful when dealing with third parties and their representatives. Staff members should know not to share passwords with those employees and not to give them any more access than they’re authorized to have.
  3. Make sure contracts with third parties include requirements to protect patient information. The new HIPAA rules require some types of business partners to sign those agreements.
