[firm] blog logo

No Business Associate Agreement is Enough to Result in a $31,000 Settlement

On April 17, 2017, the Center for Children?ÇÖs Digestive Health in Illinois (?Ç£CCDH?Ç¥) entered into a resolution agreement with HHS pursuant to which CCDH agreed to pay $31,000 to settle potential HIPAA privacy rule violations. The primary basis for the settlement was the lack of a business associate agreement between CCDH and one of its business associates, which HHS determined demonstrated a lack of effective control and review of CCDH?ÇÖs HIPAA policies and procedures. FileFax, Inc. (?Ç£FileFax?Ç¥) is an Illinois record storage and disposal company. FileFax?ÇÖs clients included healthcare providers, such as CCDH. FileFax?ÇÖs services to those providers included the storage and disposal of medical records. A whistleblower led to a 2015 investigation of FileFax by the Illinois Attorney General. HHS then discovered that FileFax was discarding medical records in an unlocked dumpster adjacent to its building and had also shipped a large volume of other medical records to a… Continue Reading

September 2022
S M T W T F S
 123
45678910
11121314151617
18192021222324
252627282930  

Archives