Raleigh Orthopaedic Clinic to pay $750,000 to settle HIPAA violation

Listen
Text
  • Small
  • Medium
  • Large

A North Carolina-based orthopedic and sports medicine clinic has agreed to settle potential HIPAA violation charges with a $750,000 payment for a 2013 data breach.

Raleigh Orthopaedic Clinic reported a data breach to HHS' Office for Civil rights in April 2013. The OCR's investigation found Raleigh Orthopaedic provided X-ray films and related protected health information of 17,300 patients to a third party which was going to transfer the images to electronic media. However, Raleigh Orthopaedic did not execute a business associate agreement with the third party before turning over the X-rays and protected health information.

The lack of a business associate agreement with the third party rendered the sharing of X-rays and protected health information impermissible because the third party vendor, which was acting as a business associate, did not provide "satisfactory assurances in the form of a written business associate agreement" about safeguards for the information.

"HIPAA's obligation on covered entities to obtain business associate agreements is more than a mere check-the-box paperwork exercise," said Jocelyn Samuels, director of HHS' OCR. "It is critical for entities to know to whom they are handing PHI and to obtain assurances that the information will be protected."

In addition to the payment, Raleigh Orthopaedic will enter a corrective action plan, which includes revising policies and procedures related to ensuring business associate agreements are in place, creating a standard template business associate agreement and limiting disclosures of PHI to any business associate beyond what is necessary, among others.

More articles on HIPAA:

AHA: Align mental health, substance abuse data with HIPAA
Google, Kivney to launch HIPAA-compliant mobile service on Google Cloud
California court rules Millennium Labs' insurer will not cover HIPAA investigation costs

Copyright © 2021 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Featured Whitepapers

Featured Webinars