Data Center Knowledge – Hospital Pays $400,000 HIPAA Breach Penalty for Obsolete ‘Business Associate’ Agreement

HIPAA has teeth. Are your BAAs accurate and up to date?

A Rhode Island hospital agreed this month to pay $550,000 in settlements after failing to properly update business associate agreements as required under the privacy and security rules of the Health Insurance Portability and Accountability Act (HIPAA), federal authorities said.

The U.S. Department of Health and Human Services Office of Civil Rights (OCR) opened an investigation into Women & Infants Hospital of Rhode Island (WIH) after receiving a report of a data breach in November 2012.

WIH told federal authorities it had lost unencrypted backup tapes containing ultrasounds of 14,004 women, including patient names, dates of birth, dates of exams, physician names and, in some cases, Social Security numbers.

More of the Data Center Knowledge post from Aldrin Brown

This entry was posted on Wednesday, October 5th, 2016 at 11:00 am and is filed under CIO Strategy, Data center compliance, DevOps, IT Governance, IT Strategy. You can follow any comments to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.