The Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) settled allegations by the Department of Health and Human Services (HHS) that it violated the Heath Insurance Portability and Accountability Act (HIPAA) Security Rule, agreeing to pay $650,000. The allegations relate to the theft of a CHCS mobile device that contained the protected health information of 412 nursing home residents. CHCS is not a “covered entity” under HIPAA, but is a business associate of “covered entities.” As a result of the HITECH Act of 2009 and HHS’s implementing regulations, key parts of the Security Rule are now directly applicable to business associates ‒ which means even seemingly small violations can lead to hefty fines for companies that provide services to HIPAA covered entities.
Register now for your free, tailored, daily legal newsfeed service.
Questions? Please contact email@example.comRegister
Business Associate Hit With HIPAA Penalty For Data Security Failures
Popular articles from this firm
If you would like to learn how Lexology can drive your content marketing strategy forward, please email firstname.lastname@example.org.
Related topic hubs
Privacy Manager, Global Privacy Centre
"This is a very good resource and I appreciate receiving it everyday. Each newsletter has a great deal of content and the daily feed allows you to 'pace' yourself. The content is relevant to the areas that I address and the articles are written by counsel who are very experienced in these areas and can communicate in a meaningful and effective way."