
Orthopaedic Clinic To Pay $750K HIPAA Fine After Failing to Make BA Agreement, FierceHealthIT

April 21, 2016
Roy Wyman

In an article published on April 21, 2016, Nashville partner Roy Wyman provides insight on a recent $750,000 HIPAA violation, which involved a North Carolina orthopaedic clinic that released protected health information to a third party without a business associate (BA) agreement in place. Mr. Wyman explains that early on in the HIPAA audit process, the Office for Civil Rights (OCR) was responding more to incidents where there would be potential for significant public concern. However, “as enforcement and review have matured, OCR appears to be moving toward a more encompassing approach, looking for any significant breach of the law, regardless of whether it is something that would be likely to raise public concern,” said Mr. Wyman. While the second phase of audits may lead to a small boost in the number of settlements, “the larger boost is from the increased attention paid by OCR to these issues, particularly as it reviews self-disclosures required following breaches,” Mr. Wyman said.