ARTICLE
26 April 2017

Health-Care Provider Pays $31K for Lack of Privacy Contract with Vendor

DP
Day Pitney LLP

Contributor

Day Pitney LLP logo
Day Pitney LLP is a full-service law firm with more than 300 attorneys in Boston, Connecticut, Florida, New Jersey, New York and Washington, DC. The firm offers clients strong corporate and litigation practices, with experience on behalf of large national and international corporations as well as emerging and middle-market companies. With one of the largest individual clients practices on the East Coast, the firm also has extensive experience assisting individuals and their families, fiduciaries and tax-exempt entities plan for the future.
Eric Fader was quoted in an April 25 article, "Health-Care Provider Pays $31K for Lack of Privacy Contract with Vendor," in Bloomberg BNA's Health Care Daily Report and other publications.
United States Food, Drugs, Healthcare, Life Sciences

Eric Fader was quoted in an April 25 article, "Health-Care Provider Pays $31K for Lack of Privacy Contract with Vendor," in Bloomberg BNA's Health Care Daily Report and other publications. The article reports that the Illinois-based Center for Children's Digestive Health (CCDH) may have violated HIPAA when it failed to sign a business associate agreement with a vendor, FileFax, Inc., before transferring nearly 11,000 paper medical records to FileFax for storage.

Under a recent resolution agreement, CCDH agreed to pay the Department of Health and Human Services' Office for Civil Rights (OCR) $31,000 and enter into a two-year corrective action plan. Eric told Bloomberg BNA that the $31,000 settlement appears small considering the severity of FileFax's underlying offense, disposing of unneeded patient records in an unlocked outdoor dumpster rather than shredding them.

"This is a reminder from the OCR that a covered entity bears the ultimate responsibility when its business associate fails to comply with its HIPAA obligations," Eric said. Signing a business associate agreement, ideally after both parties have actually read it, will help to educate any entity that still hasn't figured out its responsibilities under HIPAA, he added.


For more articles and regular updates on legislative changes, regulatory developments and other news of interest to businesses, professionals and investors in the healthcare industry, please subscribe to Day Pitney's mailing lists.


Click here for more Healthcare Blogs from Day Pitney

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More