$1.55 Million Settlement Underscores the Importance of Executing HIPAA Business Associate Agreements

North Memorial Health Care has agreed to settle charges that it potentially violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules by failing to implement a business associate agreement with a major contractor and failing to institute an organization-wide risk analysis to address risks and vulnerabilities to its patient information. North Memorial is a comprehensive, not-for-profit health care system in Minnesota that serves the Twin Cities and surrounding communities. The settlement includes a monetary payment of $1,550,000 and a robust corrective action plan.

Read the entire U.S. Department of Health and Human Services press release.

Read the resolution agreement.

About Jim Hamilton

I am an employee benefits partner with Bose McKinney & Evans LLP. My broad-based practice covers health and welfare arrangements, insurance, executive compensation and federal and state taxation. Among other areas, I have specific experience with PPACA, HIPAA, COBRA, ERISA and numerous other state and federal laws affecting employee benefit plans.
This entry was posted in HIPAA, Privacy and Security Rules and tagged , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s