top of page

Failure to Safeguard PHI Leads to $650,000 HIPAA Settlement

412 individual's PHI breached caused fines of $650,000 AND CHCS was still required to implement all corrective action items.

“Business associates must implement the protections of the HIPAA Security Rule for the electronic protected health information they create, receive, maintain, or transmit from covered entities,” said U.S. Department of Health and Human Services Office for Civil Rights (OCR) Director Jocelyn Samuels. “This includes an enterprise-wide risk analysis and corresponding risk management plan, which are the cornerstones of the HIPAA Security Rule.”

Catholic Health Care Services (CHCS) has agreed to settle potential violations of HIPAA Security Rule after the theft of a CHCS mobile device compromised the protected health information (PHI) of hundreds of nursing home residents.

The total number of individuals affected by the combined breaches was 412. The settlement includes a monetary payment of $650,000 and corrective action plan.

How do YOU know if your are supposed to be HIPAA compliant and what HIPAA compliance requirements are needed?

According to HHS HIPAA Federal Regulations, if you handle, access or transmit protected health information (PHI), you are required to have a HIPAA compliance program which all starts with a security risk assessment.

What can you take away from this?

Don’t wait until you're involved in a HIPAA nightmare. Even with CHCS paying $650,000, they were still required to implement all corrective action items.

Allow the experts at Live Compliance ensure your organization has met all of your HIPAA Compliance Requirements with a FREE Organization Assessment.

Contact Jim Johnson at or at (980) 999-1585



bottom of page