Bankrupt Business Associate Agrees to $100K HIPAA Settlement for Medical Records Left at Dumpster

FileFax, Inc has agreed to pay $100,000 to settle potential HIPAA violations. FileFax, Inc. was a business associate that provided medical record storage, maintenance and delivery services. Back in Jan – Feb 2015, FileFax impermissibly disclosed the PHI of 2,150 by leaving the PHI in an unlocked truck in the FileFax parking lot or by granting permission to a person to remove the PHI from Filefax. A “dumpster diver” then took those medical records to a shredding and recycling facility for cash.

During the course of the HIPAA investigation, FileFax closed for business. However, the investigation continued, and even though the business associate went out of business, it could not escape its legal obligation. The bankruptcy receiver agreed to the Resolution Agreement and payment of the penalties to resolve the alleged violation.

For more information, read the Press Release and Resolution Agreement on the OCR Compliance Enforcement website.

Written by: Jacob Simpson

Simpson, Jacob headshot

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.