$750,000 HIPAA Settlement for Orthopedic Clinic

Posted by BAS - 26 May, 2016

header-picture

An Orthopedic Clinic based in Raleigh, North Carolina paid $750,000 for HIPAA violations.  The settlement agreement alleged that the clinic provided PHI of approximately 17,300 patients to a third party without a business associate agreement in place.  The third party was engaged to transfer images to electronic media in exchange for harvesting the silver from the ex-ray films.

In addition to the dollar payment, the clinic must revise its policies and procedures to: establish a process for assessing whether entities are business associates; designate a responsible individual to ensure business associate agreements are in place prior to disclosing PHI to a business associate; create a standard template business associate agreement; establish a standard process for maintaining documentation of a business associate agreements for at least six (6) years beyond the date of termination of a business associate relationship; and limit disclosures of PHI to any business associate to the minimum necessary to accomplish the purpose for which the business associate was hired.

The clinic did not admit liability in the settlement agreement.


Recent Posts

Question of the Week - Mid-Year Enrollment for Health Coverage

read more

OCR Reports to Congress on HIPAA Compliance and Breaches of Unsecured Protected Health Information

read more

Find your QELs in MyEnroll360

read more