Last month, the Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) announced a resolution agreement with the Center for Children’s Digestive Health (CCDH), which included a $31,000 penalty.
This isn’t the first time a covered entity has paid a “resolution amount” to settle potential violations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules with respect to a business associate agreement (or lack thereof).
- March 2016: North Memorial Health Care of Minnesota paid $1.55 million to settle charges that it failed to enter into a business associate agreement with a major contractor performing certain payment and health care operations activities on its behalf and to complete a risk analysis.
- April 2016: Raleigh Orthopaedic Clinic, P.A. of