Just because you’re no longer in business doesn’t mean you’re beyond the reach of a HIPAA Penalty

Federal regulators hit an Illinois business with a $100,000 penalty despite the company having shuttered operations the previous year.

In February 2015, the Office for Civil Rights (OCR), the federal agency responsible for enforcing the Health Insurance Privacy and Accountability Act (HIPAA) received an anonymous complaint that a contractor transported 2,150 medical records to a shredding facility for Filefax, a medical records service.

Leaving protected medical records unattended and unprotected can lead to a HIPAA Penalty

Filefax, according to the OCR, left the protected health information (PHI) in an unlocked truck on the Filefax parking lot, awaiting the contractor’s pick-up. The contractor was not authorized to handle PHI.

HIPAA Penalty and corrective action plan reaches company’s receiver

Despite ceasing business operations later in 2015, Filefax’s receiver was fined and forced to undergo a corrective action plan, which included moving all remaining medical records in its possession to Iron Mountain, another records management vendor, for disposal.

Are you at risk for a HIPAA Penalty?

Are your contractors authorized to handle Protected Health Information? Are they trained and have they signed your HIPAA Business Associate Agreement? Are you aware that, even if a business is no longer in operation, HIPAA Penalties and Corrective Action Plans can be forced on receivers and trustees?

HIPAA Penalties are on the rise. Don’t be a target.

Protect yourself and your business with the most comprehensive HIPAA compliance suite of services available. The HIPAA E-Tool^© is the only resource you need to avoid costly OCR actions.

With experienced HIPAA consultants standing by to answer your questions and help get you started on the path to compliance, it’s really a simple decision. Try it for free — schedule a demo today.