[firm] blog logo

No Business Associate Agreement is Enough to Result in a $31,000 Settlement

On April 17, 2017, the Center for Children?ÇÖs Digestive Health in Illinois (?Ç£CCDH?Ç¥) entered into a resolution agreement with HHS pursuant to which CCDH agreed to pay $31,000 to settle potential HIPAA privacy rule violations. The primary basis for the settlement was the lack of a business associate agreement between CCDH and one of its business associates, which HHS determined demonstrated a lack of effective control and review of CCDH?ÇÖs HIPAA policies and procedures. FileFax, Inc. (?Ç£FileFax?Ç¥) is an Illinois record storage and disposal company. FileFax?ÇÖs clients included healthcare providers, such as CCDH. FileFax?ÇÖs services to those providers included the storage and disposal of medical records. A whistleblower led to a 2015 investigation of FileFax by the Illinois Attorney General. HHS then discovered that FileFax was discarding medical records in an unlocked dumpster adjacent to its building and had also shipped a large volume of other medical records to a… Continue Reading

April 2017
S M T W T F S
 1
2345678
9101112131415
16171819202122
23242526272829
30  

Archives