HIPAA Horror Stories

The Missing Form


IT Contractor Fails to Submit Paperwork, Leading to $3 Million Fine

Failure to get a signature on a simple form cost a California hospital group $3 million in penalties, helping to make 2018 the most painful year yet for HIPAA violators.

When Cottage Health Systems, operator of four California hospitals, hired an outside information technology (IT) firm to maintain its electronic protected health information (ePHI), management failed to get the signed form required of all businesses providing HIPAA-covered services.

During maintenance, the IT contractor completed its tasks, but exposed patient names, addresses, dates of birth, diagnoses, lab results and other treatment information to anyone who stumbled upon the Cottage Health network – no username or password needed.

More than 62,500 patients were affected.

The breach was identified by Cottage Health and reported to the Office for Civil Rights, as required by law. On investigation, however, the missing “Business Associate Agreement” was identified by government regulators.

Contractors and vendors of HIPAA-covered providers may not always provide clinical services to patients, but these “Business Associates” do have access to protected health information.

While a simple Business Associate Agreement may not seem like a big deal, it is a legal contract describing how the Business Associate adheres to HIPAA along with the responsibilities and risks they take on.

By the end of 2018, the OCR had levied a record $28.7 million in penalties for violations, the largest amount in HIPAA history.

The HIPAA E-Tool® makes compliance fast and easy. Get your free HIPAA Quick Start kit, complete with a webcam privacy guard, HIPAA Hot Zone labels and a HIPAA checklist delivered directly to your office.

Don’t become a HIPAA Horror Story! HIPAA compliance is easy when you know the rules.


Copyright © 2020 ET&C Group LLC.
