Failure to complete a business associate agreement has once again led to large repercussions for a small medical practice.
The Center for Childrens Digestive Health (CCDH) just paid $31,000 resulting from a HIPAA violation related to business associate agreements. CCDH is a small healthcare provider with seven clinic locations in Illinois.
The U.S. Department of Health and Human Services Office for Civil Rights began a compliance review for the practice in August 2015. The review was initiated to investigate whether CCDH’s disclosure of protected health information (PHI) to Filefax, a third-party vendor that stored paper records was permissible under the HIPAA. The investigation discovered that while CCDH had been working with Filefax since 2003, neither could produce a Business Associate Agreement that dated before October 12th, 2015.
Read more, including the resolution agreement and corrective action plan, at the U.S Department of Health and Human Services website.