No Business Associate Agreement Leads to 31k Fine

Failure to complete a business associate agreement has once again led to large repercussions for a small medical practice.

The Center for Childrens Digestive Health (CCDH) just paid $31,000 resulting from a HIPAA violation related to business associate agreements. CCDH is a small healthcare provider with seven clinic locations in Illinois.

The U.S. Department of Health and Human Services Office for Civil Rights began a compliance review for the practice in August 2015. The review was initiated to investigate whether CCDH’s disclosure of protected health information (PHI) to Filefax, a third-party vendor that stored paper records was permissible under the HIPAA. The investigation discovered that while CCDH had been working with Filefax since 2003, neither could produce a Business Associate Agreement that dated before October 12th, 2015.

Read more, including the resolution agreement and corrective action plan, at the U.S Department of Health and Human Services website.

Scroll to Top