A HIPAA privacy case involving Care New England’s Women & Infants Hospital, in Providence, shows the importance of updating Business Associate Agreements.
Late last month, the U.S. Department of Health and Human Services (HHS) announced that Care New England had agreed to pay a $400,000 fine, and implement a corrective action plan, to settle HIPAA violations. The investigation by HHS’s Office for Civil Rights (OCR) started back on Nov. 5, 2012.
Physicians Practice reported that HHS found “unencrypted back-up tapes containing nearly 14,000 patients’ protected health information,” as well as other violations.
OCR’s director, Jocelyn Samuels, said: “[t]his case illustrates the vital importance of reviewing and updating, as necessary, business associate agreements, especially in light of required revisions under the Omnibus Final Rule.”
Physicians Practice said: “Despite CNE and Woman & Infants Hospital of Rhode Island having a Business Associate Agreement (BAA) in place in March 2005, it had not been updated until Aug. 28, 2015 — nearly two-and-a-half years after the Omnibus Rule was published in the Federal Register.”
To read the Physicians Practice piece, please hit this link,