Eric Fader was quoted in an April 25 article, "Health-Care
Provider Pays $31K for Lack of Privacy Contract with
Vendor," in Bloomberg BNA's Health Care Daily
Report and other publications. The article reports that the
Illinois-based Center for Children's Digestive Health (CCDH)
may have violated HIPAA when it failed to sign a business associate
agreement with a vendor, FileFax, Inc., before transferring
nearly 11,000 paper medical records to FileFax for storage.
Under a recent resolution agreement, CCDH agreed to pay the
Department of Health and Human Services' Office for Civil
Rights (OCR) $31,000 and enter into a two-year corrective action
plan. Eric told Bloomberg BNA that the $31,000 settlement
appears small considering the severity of FileFax's underlying
offense, disposing of unneeded patient records in an unlocked
outdoor dumpster rather than shredding them.
"This is a reminder from the OCR that a covered entity bears
the ultimate responsibility when its business associate fails to
comply with its HIPAA obligations," Eric said. Signing a
business associate agreement, ideally after both parties have
actually read it, will help to educate any entity that still
hasn't figured out its responsibilities under HIPAA, he
added.
For more articles and regular updates on legislative changes, regulatory developments and other news of interest to businesses, professionals and investors in the healthcare industry, please subscribe to Day Pitney's mailing lists.
Click here for more Healthcare Blogs from Day Pitney
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.