Raleigh Clinic to Pay $750,000 for HIPAA Violation
Posted: May 19, 2016 to Compliance.
Raleigh Orthopedic Clinic (ROC) of North Carolina is paying for its violation of the Health Insurance Portability and Accountability Act of 1996 Privacy Rule, for allegedly sharing private and protected patient information with a potential business partner. $750,000, to be exact. The Office of Civil Rights (a division of the U.S. Department of Health and Human Services) revealed in its investigation that ROC released not only the protected information of 17,300 patients, but X-ray films, as well. This personal information was given to a company that was slated to turn X-ray images into electronic media in exchange for the silver that was procured from the X-ray film. The transaction would not have been a HIPAA breach had there been a business associate agreement between the companies before they handed over the X-rays and the private information. The Office of Civil Rights, in addition to paying out a quarter of a million dollars, has agreed to a Corrective Action Plan that includes implementing employee training and guidelines that help to ensure that HIPAA policies are followed ROC in the future. You can view the full Corrective Action Plan here.
