Because of the new legislation that has resulted in changes to the Healthcare IT Policy, a greater number of medical providers will be exposed to data privacy exposures. Although providers such as doctors and hospitals are not required to adopt and use electronic health records, beginning in 2011 if they have not switched, their Medicare and Medicaid reimbursements will be reduced. According to attorney Charles Myers, “The Congressional Budget Office estimates that approximately 90 percent of doctors and 70 percent of hospitals will be using comprehensive electronic health records within the next decade.” The new legislation has also made HIPAA defined “business associates” directly accountable to the government in the event of a data breach. In the past, the provider or health plan would be held liable for the breach. Along with these changes, there are also new regulations about notifying patients when a breach occurs.
 “Examining Changes in Healthcare IT Policy.” Ingram’s. February 2009.
 “Stimulus for medical records broadens HIPAA liability.” Kansas City Business Journal. March 6-12, 2009.