It was a busy April for the Office for Civil Rights (“OCR”) (see our prior post on a settlement from earlier in April). On April 20, OCR announced a Resolution Agreement with Center for Children’s Digestive Health, S.C. (“CCDH”) related to CCDH’s failure to enter into a business associate agreement with a paper medical records storage vendor. The cost of that missing agreement? $31,000. Then, on April 24, OCR announced a settlement with CardioNet, a remote monitoring company for cardiac arrhythmias, related to CardioNet’s failure to implement compliant HIPAA policies and procedures and failure to conduct a sufficient risk assessment. The price of those failures? $2.5 million!
- Preparing new, Omnibus Rule-compliant BAAs and DUAs in advance of contract renewal dates or the compliance deadline;
- Updating HIPAA policies and procedures and training materials;
- (Re)educating staff on their duties and responsibilities regarding protected health information and breach notification requirements; and
- Remaining alert for additional guidance from OCR.