Lack of BA Agreement Costs Clinic $750,000

Marianne Kolbasuk McGee (HealthInfoSec) • April 20, 2016

 

A North Carolina orthopedic clinic will pay a $750,000 penalty as part of a breach-related settlement involving the release of 17,300 X-ray films containing protected health information to a vendor without having a business associate agreement in place, as required under HIPAA.

The Department of Health and Human Services’ Office for Civil Rights says in an April 19 statement that the settlement with Raleigh Orthopaedic Clinic, which operates clinics and an orthopedic surgery center in Raleigh, N.C., spotlights the importance of executing a BA agreement before turning over PHI to third-party vendors.

“HIPAA’s obligation on covered entities to obtain business associate agreements is more than a mere check-the-box paperwork exercise,” Jocelyn Samuels, director of OCR, said in the statement. “It is critical for entities to know to whom they are handing PHI and to obtain assurances that the information will be protected.”
