Continuing HIPAA Obligations After a Business Ceases

March 19, 2018


In a recent announcement by the U.S. Department of Health and Human Services (“HHS”), Office of Civil Rights (“OCR”), the OCR was clear to make a point that just because a business closes during an OCR investigation, does not mean that the business’ obligation for any HIPAA violations ends. To make this point, OCR referenced the recent settlement and corrective action plan entered into for alleged HIPAA violations by now-defunct, Filefax. The OCR was investigating Filefax for impermissibly disclosing protected health information (“PHI”) of 2,150 individuals. Although Filefax ceased operations during the OCR’s investigation, Filefax’s obligations for the alleged HIPAA violations continued and the receiver appointed to liquidate the assets of Filefax ultimately agreed to pay $100,000 out of the receivership estate to settle the alleged HIPAA violations and agreed to properly store and dispose of remaining medical records found at Filefax’s facility in compliance with HIPAA. Read this story in its entirety at Lexology. To learn more about making your practice HIPAA compliant, visit HIPAAcraticRx.


Share on Facebook
Share on Twitter
Please reload

Featured Posts

How to Handle Breach Notifications

February 26, 2020

Please reload

Recent Posts
Please reload

Please reload

Search By Tags
Please reload

Follow Us
  • Facebook Basic Square
  • Twitter Basic Square
  • Google+ Basic Square

HIPAAcraticRx - The Prescription for HIPAA Compliance


20 Hempstead Turnpike, Farmingdale, New York 11735 . (516) 200-6610 .

  • White LinkedIn Icon
  • White Facebook Icon
  • White Twitter Icon
  • White Google+ Icon

© 2019 HIPAAcratic Rx -