The volume of data security breaches occurring in health care has captured hospital and system trustees’ attention and forced them to investigate their respective organization’s plans and policies to protect patient information. While directing senior leaders to shore up vulnerabilities, boards also need to be aware of the vendors who support hospital operations, such as consultants, information technology companies, and clearinghouses that translate transactions. These business associates represent another risk area that requires board oversight.
