28 September 2016

HHS Settlement Shows Need For Updated Business Associate Agreement

Day Pitney LLP

Contributor

On September 23, the U.S. Department of Health and Human Services' Office for Civil Rights (OCR) announced that it reached a $400,000 settlement with Care New England Health System of Providence, R.I., which owns and operates hospitals and provider groups. The settlement included a corrective action plan.

Care New England reported that one of its hospitals, Women & Infants Hospital of Rhode Island (WIH), lost unencrypted backup tapes that contained ultrasound data for roughly 14,000 patients in late 2012. During its investigation the OCR discovered that Care New England's business associate agreement (BAA) with WIH hadn't been updated since 2005.

Day Pitney's Eric Fader commented on the settlement in a September 23 article, "Hospital Data Breach Leads to HHS $400K Settlement," in Bloomberg BNA's Privacy Law Watch, and a September 26 article, "HHS Settlement Shows Need for Updated Business Associate Agreement," in Bloomberg BNA's Health Care Daily Report.

Eric said he was surprised that the OCR was still stressing the need for updated BAAs, especially after publicizing two settlements earlier this year (discussed here) with covered entities that lacked BAAs. He predicted that the OCR is likely to move on to other topics in its future provider education efforts, unless its ongoing Phase 2 HIPAA audits reveal that BAAs continue to be a problem area.

"The relatively low settlement amount of $400,000 suggests to me that the OCR recognizes that Care New England's violation was not as serious a violation as never having entered into a BAA would have been," Eric added.
