HIPAA Penalty Follows Company Into Receivership

"The careless handling of [protected health information] is never acceptable," said OCR Director Roger Severino. "Covered entities and business associates need to be aware that OCR is committed to enforcing HIPAA regardless of whether a covered entity is opening its doors or closing them. HIPAA still applies."

Saying the case illustrates that "consequences for HIPAA violations don't stop when a business closes," the U.S. Department of Health and Human Services reported Feb. 13 that a receiver appointed to liquidate the assets of Filefax, Inc. has agreed to pay $ 100,000 out of the receivership estate to the HHS Office for Civil Rights to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.

Filefax, located in Northbrook, Illinois, is no longer in business. But it had advertised that it provided for the storage, maintenance, and delivery of medical records for covered entities. "Although Filefax shut its doors during the course of OCR's investigation into alleged HIPAA violations, it could not escape its obligations under the law," the federal agency reported, explaining the case this way:

  • On Feb. 10, 2015, OCR received an anonymous complaint alleging someone transported medical records obtained from Filefax to a shredding and recycling facility to sell on Feb. 6 and 9, 2015. OCR opened an investigation, which confirmed that an individual had left medical records of approximately 2,150 patients at the shredding and recycling facility and that those records contained patients' protected health information (PHI).
  • The investigation indicated that between Jan. 28, 2015, and Feb. 14, 2015, Filefax impermissibly disclosed the PHI of 2,150 individuals by leaving the PHI in an unlocked truck in the Filefax parking lot or by granting permission to an unauthorized person to remove the PHI from Filefax and leaving the PHI unsecured outside the Filefax facility.

"The careless handling of PHI is never acceptable," said OCR Director Roger Severino. "Covered entities and business associates need to be aware that OCR is committed to enforcing HIPAA regardless of whether a covered entity is opening its doors or closing them. HIPAA still applies."

Download Center

HTML - No Current Item Deck
  • Free Safety Management Software Demo

    IndustrySafe Safety Management Software helps organizations to improve safety by providing a comprehensive toolset of software modules to help businesses identify trouble spots; reduce claims, lost days, OSHA fines; and more.

  • Easy to Use Safety Incident App

    Record incidents on the go with IndustrySafe’s mobile app. Collect data for multiple types of incidents including including near misses, vehicle and environmental incidents, and employee and non-employee injuries; at job sites and remote locations—with or without web access.

  • Safety Training 101

    When it comes to safety training, no matter the industry, there are always questions regarding requirements and certifications. IndustrySafe is here to help. We put together a resource that’s easy to digest so you can get answers to your training questions and ensure you're complying with OSHA's standards.

  • Conduct EHS Inspections and Audits

    Record and manage your organization’s inspection data with IndustrySafe’s Inspections module. IndustrySafe’s pre-built forms and checklists may be used as is, or can be customized to better suit the needs of your organization.

  • Track Key Safety Performance Indicators

    IndustrySafe’s Dashboard Module allows organizations to easily track safety KPIs and metrics. Gain increased visibility into your business’ operations and safety data.

  • Industry Safe
comments powered by Disqus