HIPPA’s Not Just For Covered Entities - Recent Enforcement Action Extends To Business Associates
On June 29, 2016, the Office of Civil Rights (OCR) announced a Resolution Agreement it entered with Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) a business associate of six nursing homes. This Resolution Agreement included a monetary payment of $650,000 and a Corrective Action Plan (CAP). The CAP requires CHCS to conduct a risk analysis and risk management, to develop and maintain written policies and procedures as well as to train all members of the CHCS workforce with access to ePHI within 60 days of the CAP in compliance with HIPAA, and to submit annual reports and attestation of CHCS’ compliance with the CAP for two years following the execution date of the Resolution Agreement.