"Paradigm Shift: Don’t Expect A Small Penalty For A Small Breach"

Look out, business associates (BAs): The HHS Office for Civil Rights (OCR) is taking aggressive action against you for breach incidents. And the consequences are real — the OCR’s first resolution agreement with a BA well-exceeded a half-million dollars.

On June 30, OCR announced a $650,000 settlement with a BA for a data breach of PHI. Catholic Health Care Services of the Archdioceses of Philadelphia (CHCS) agreed to the hefty penalty to settle potential HIPAA violations including a breach.

“This settlement agreement sets an important milestone as OCR’s first resolution agreement with a BA,” notes attorney Rick Hindmand of Chicago-based McDonald Hopkins LLC. OCR is expanding its recent enforcement focus on BAs, following three resolution agreements with CEs within the last eight months for failure to enter into BA agreements (BAAs) with their BAs.

Click here for more of Rick Hindmand's quotes in the full article from Eli Healthcare.