$31,000 Fine For Lack Of Business Associate Agreement

$31,000 Fine For Lack Of Business Associate Agreement

Posted by Amy Wood on Sep 27 2017, 08:54 PM

$31,000 Fine For Lack Of Business Associate Agreement

Another day, another fine.  This time The Center for Children's Digestive Health.  According to OCR:

The Center for Children’s Digestive Health (CCDH) has paid the U.S. Department of Health and Human Services (HHS) $31,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule and agreed to implement a corrective action plan. CCDH is a small, for-profit health care provider with a pediatric subspecialty practice that operates its practice in seven clinic locations in Illinois.  

In August 2015, the HHS Office for Civil Rights (OCR) initiated a compliance review of the Center for Children’s Digestive Health (CCDH) following an initiation of an investigation of a business associate, FileFax, Inc., which stored records containing protected health information (PHI) for CCDH. While CCDH began disclosing PHI to Filefax in 2003, neither party could produce a signed Business Associate Agreement (BAA) prior to Oct. 12, 2015.

This brings to light the importance of evaluating your vendors PRIOR to signing contracts, Business Associate Agreements or sending them your ePHI.  It also highlights new training expectations of your employees -- within 15 days of start of hire and then again annually as a team.  

Check your HIPAA program and if you aren't doing this, it may be time to revamp your HIPAA program.

Share On

Leave A Reply

Please fill all the fields.

Talk to our experts

Start your journey to compliance by directly interacting with our experts. With extensive years of experience in making dental practices HIPAA Compliant, we provide everything from start to finish to make you compliant, safe, secure, and confident against data breach. Look no further, begin your training today by scheduling a class with our experts!