Consequences for HIPAA Violations Don’t Stop When a Business Closes

In a recent case, Filefax, a medical record storage, maintenance, and delivery company, paid the US Department of Health and Human Services, Office of Civil Rights (“OCR”) $100,000 to settle claims of HIPAA violations even after the company went out of business. Filefax left the medical records of 2,150 patients in an unlocked truck in the Filefax parking lot. During the course of the OCR’s investigation of the HIPAA violations, Filefax closed its business. In a press release announcing the settlement, the OCR stated that the careless handling of Protected Health Information (PHI) is never acceptable and that the “OCR is committed to enforcing HIPAA regardless of whether a covered entity is opening its doors or closing them.”
If you have any questions about this or other HIPAA matters, please e-mail me at sjarvaweiss@norris-law.com.