"Paradigm Shift: Don’t Expect A Small Penalty For A Small Breach"

Look out, business associates (BAs): The HHS Office for Civil Rights (OCR) is taking aggressive action against you for breach incidents. And the consequences are real — the OCR’s first resolution agreement with a BA well-exceeded a half-million dollars.

On June 30, OCR announced a $650,000 settlement with a BA for a data breach of PHI. Catholic Health Care Services of the Archdioceses of Philadelphia (CHCS) agreed to the hefty penalty to settle potential HIPAA violations including a breach.

“This settlement agreement sets an important milestone as OCR’s first resolution agreement with a BA,” notes attorney Rick Hindmand of Chicago-based McDonald Hopkins LLC. OCR is expanding its recent enforcement focus on BAs, following three resolution agreements with CEs within the last eight months for failure to enter into BA agreements (BAAs) with their BAs.

Click here for more of Rick Hindmand's quotes in the full article from Eli Healthcare.

Related Services

Jump to Page

McDonald Hopkins uses cookies on our website to enhance user experience and analyze website traffic. Third parties may also use cookies in connection with our website for social media, advertising and analytics and other purposes. By continuing to browse our website, you agree to our use of cookies as detailed in our updated Privacy Policy and our Terms of Use.