The Center for Children’s Digestive Health (CCDH) a small, for-profit practice has agreed to implement a corrective action plan for their potential violations of the Health Insurance Portability Accountability Act of 1996 (HIPAA) Privacy Rule. According to the U.S. Department of Health and Human Services (HHS), the settlement includes a hefty payment of $31,000 for their violation.
The penalty suffered by CCDH came as a result of the initiation of an investigation of one of their business associates, Filefax, Inc. Filefax, who was storing records for CCDH that contained protected health information (PHI) faced a compliance review in August 2015. CCDH began disclosing PHI to Filefax in 2003, which would require Business Associate Agreement (BAA), however neither party could present proof of the agreement prior to October 12, 2015. CCDH had been disclosing PHI to Filefax for 12 years without documentation of a BAA.
You can read the Resolution Agreement and Corrective Action plan here.
The post $31,000 fine for not having a Business Associate Agreement appeared first on HIPAA Secure Now!.