In $1 Million HIPAA Settlement, HHS Emphasizes Business Associate and Encryption Compliance | Practical Law
The Department of Health and Human Services (HHS) has announced a settlement of potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) involving a nonprofit health care provider and HIPAA covered entity (CE). The CE will pay $1,040,000 to settle the potential violations resulting from a stolen laptop and must take corrective measures that include encryption compliance, revising its affiliated covered entity status, and designating a business associate (BA) manager to identify its BAs.