The federal government has begun a much more intensive program of auditing health care providers for violations of HIPAA, the federal law that protects patients’ privacy.

For the first time, the government will be auditing not only health care providers but also related businesses to whom patients’ information might be disclosed – including third-party administrators, accountants, attorneys, consultants, clearinghouses, transcriptionists and pharmacy benefits managers.

For this reason, it’s important for all providers to understand the relevant obligations and take steps to minimize risks – and make sure their vendors do so as well.

Large fines are possible. Recently, a medical research facility in New York was fined $3.9 million after a laptop containing patient data was stolen from an employee’s car. In a similar case in Minnesota, a hospital was fined $1.55 million after a laptop was stolen from an employee of a vendor that provided third-party billing and collection services.