On January 9, 2017, the Department of Health and Human Services ("HHS") settled an enforcement action with a hospital company for lack of timely breach notification. The Resolution Agreement requires that the company revise its existing policies and procedures, conduct training with its employees, and pay a $475,000 fine. HHS found that the company failed to provide timely written breach notifications to individuals whose protected health information had been compromised on multiple occasions.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.