HIPAA Doesn’t Go Away Even When a Business Closes

Filefax, Inc., a company that provided medical record storage, maintenance, and delivery for covered entities, is responsible for a $100,000 HIPAA fine even though it shut its doors during OCR’s violation investigation.

In early 2015, the Filefax disclosed medical records of over 2,000 patients. Although Filefax closed, their court-appointed receiver used liquidated assets to pay the fine and to store and dispose of any remaining medical records.

The resolution agreement and corrective action plan may be found on the OCR website at http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/Filefax/index.html.