May 27, 2018

May 25, 2018

Subscribe to Latest Legal News and Analysis

May 24, 2018

Subscribe to Latest Legal News and Analysis

Out-of-Business File Storage Company Paid $100K for Alleged HIPAA Violations

Yesterday, DHHS’s Office for Civil Rights (OCR) announced a $100,000 settlement with a dissolved medical records moving and storage company in Illinois.  This is another example of OCR bringing enforcement actions against a business associate under HIPAA.  OCR investigated a complaint that the business associate brought medical records to a shredding and recycling facility in exchange for cash.  According to OCR, it confirmed that the business associate violated the HIPAA Privacy Rule when it left the medical records of approximately 2,150 people at the shredding and recycling facility.  Due to other legal troubles, a court had already forced the business associate to liquidate its assets and appointed a receiver to pay its debts.  The receiver agreed to pay the $100,000 settlement and to ensure that the storage and disposal of the remaining medical records would be in compliance with HIPAA.

Read a copy of the Resolution Agreement here.

© Copyright 2018 Murtha Cullina

TRENDING LEGAL ANALYSIS


About this Author

Dena Castricone, Murtha Cullina Law Firm, Privacy and Cybersecurity Attorney
Partner

Dena M. Castricone is a member of the Long Term Care and Health Care practice groups.  She is the Chair of the Privacy and Cybersecurity practice group and the Chair of the firm’s Pro Bono Committee.  Prior to joining Murtha Cullina, Dena served as a law clerk to the Chief Justice of the Rhode Island Supreme Court, Frank J. Williams.

Dena’s long term care and health care clients compete in a constantly evolving industry, facing both rising administrative and regulatory burdens and shrinking reimbursement rates. She helps skilled nursing centers, physician groups, home health and...

203-772-7767