Business Associates Beware: First HIPAA Settlement with Business Associate [LEGAL]

USA July 6 2016

For the first time, the U.S. Department of Health & Human Services Office for Civil Rights (OCR) has entered into a Resolution Agreement with a business associate over allegations that it potentially violated the Health Insurance Portability and Accountability Act (HIPAA) Security Rule by failing to protect electronic protected health information (ePHI). This first settlement likely portends future enforcement actions against business associates for perceived HIPAA violations.

On June 24, 2016, OCR agreed to settle with Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS), a non-profit organization that provided management and information technology services to its six nursing homes as a business associate. OCR alleged that CHCS potentially violated the HIPAA Security Rule after a CHCS-issued employee smartphone containing nursing home residents’ ePHI was stolen.



Categories: Business

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: