OCR Settlement with Physician Group Highlights Need For HIPAA Business Associate Agreements

This week, the OCR announced another HIPAA settlement based on a provider’s failure to have a Business Associate Agreement in place before disclosing PHI to a third party business vendor.

OCR had initiated an investigation of Raleigh Orthopaedic Clinic, P.A. of North Carolina following receipt of a breach report which revealed a release of protected health information (PHI) without first having a business associate agreement (BAA) in place. Continue reading