Companies that do business with healthcare providers, including accounting firms and offshore transcription vendors, are unprepared to meet data breach obligations included in new federal regulation, according to a survey released Tuesday.

The survey by Healthcare Information and Management Systems Society (HIMSS) Analytics, commissioned by security vendor ID Experts, looked at preparedness for healthcare providers business partners, such as billing, credit bureaus, benefits management, legal services, claims processing, insurance brokers, data processing firms, pharmacy chains, and temporary office personnel providers.

The survey gauged the readiness of companies to comply with the security provisions of the Health Information Technology for Economic and Clinical Health Act, a component of the U.S. American Recovery and Reinvestment Act of 2009.

About a third of business associates were not aware they needed to comply with security and privacy provisions of the Health Insurance Portability and Accountability Act (HIPAA). By comparison, 87% of health providers are aware.

"Despite an increase in risk assessments conducted, data breach is on the rise and patients are at a high risk level for medical identity theft and fraud where an unknown person will use an identity to illegally receive benefits or services," said Bob Gregg, CEO of ID Experts, in a statement.

"Business associates could represent a risk to healthcare organizations, especially hospitals," said Lisa Gallagher, senior director for privacy and security for HIMSS, in a statement. "The lack of awareness of new federal regulations by business associates coupled with the large number of third parties hired by hospitals to control costs through outsourcing, points to a potential area of concern. Hospitals, in partnership with their business associates, need to actively prepare to comply with the new rules when these breaches happen."

Other findings of the survey: