HIPAA Horror Stories

The Bogus Business Associate


Next time, check references.

A Florida hospital contractor was fined $500,000 after its billing group illegally disclosed the medical records of almost 10,000 patients.

What’s more, the biller turned out to be a fake!

Ignoring Business Associate Agreements Puts Everyone At Risk

Advanced Care Hospitalists (ACH) had hired an individual who identified himself as a representative of Florida billing contractor Doctor’s First Choice, Inc.

Upon investigation, however, the owner of First Choice told the Office for Civil Rights (OCR) that he had no affiliation with the representative. Apparently, the “representative” had lied about his connection to First Choice, but managed to gain access to First Choice’s billing software, using it to service his unwitting client.

The Office for Civil Rights is the government agency that enforces HIPAA compliance and investigates violation complaints.

No Business Associate Agreement = No Business

Upon further investigation, OCR learned that ACH had never entered into a Business Associate Agreement with the biller, in violation of HIPAA rules.

Breaches usually reveal more costly violations

In fact, OCR discovered that since ACH first opened in 2005, the company had never even conducted a risk analysis, had never implemented security procedures, and could not demonstrate compliance with any HIPAA policies during its entire nine-year history.

A Business Associate Agreement could have prevented the fraud

The fake contractor worked for ACH for seven months in 2011 and 2012. Had ACH required a Business Associate Agreement, the fraudsters likely would have moved on to another, softer target.

In addition to paying the fine, ACH must undertake a robust corrective action plan and adopt Business Associate Agreements, complete company-wide risk analysis/management, and embrace comprehensive policies and procedures to comply with HIPAA rules.

Are your Business Associate Agreements in place?

You can read the case details and see the hoops ACH has to jump through to meet OCR settlement terms.

How would your company fare if the OCR came knocking? If you aren’t absolutely sure your business is protected against a HIPAA breach, we’re here to help.

The HIPAA E-Tool® makes compliance fast and easy. Get your free HIPAA Quick Start kit, complete with a webcam privacy guard, HIPAA Hot Zone labels and a HIPAA checklist delivered directly to your office.

Don’t become a HIPAA Horror Story! HIPAA compliance is easy when you know the rules.


Copyright © 2020 ET&C Group LLC.

The HIPAA E-Tool® and Protecting Patient Privacy is Our Job®
are registered trademarks of ET&C Group LLC
