Bankrupt Business Associate Agrees to $100K HIPAA Settlement for Medical Records Left at DumpsterFileFax, Inc has agreed to pay $100,000 to settle potential HIPAA violations. FileFax, Inc. was a business associate that provided medical record storage, maintenance and delivery services. Back in Jan - Feb 2015, FileFax impermissibly disclosed the PHI of 2,150 by leaving the PHI in an unlocked truck in the FileFax parking lot or by granting permission to a person to remove the PHI from Filefax. A "dumpster diver" then took those medical records to a shredding and recycling facility for cash.
During the course of the HIPAA investigation, FileFax closed for business. However, the investigation continued, and even though the business associate went out of business, it could not escape its legal obligation. The bankruptcy receiver agreed to the Resolution Agreement and payment of the penalties to resolve the alleged violation.
For more information, read the Press Release and Resolution Agreement on the OCR Compliance Enforcement website.