Sentara`s transaction, which also concerns the alleged absence of an internal counterparty agreement (ALA), is the third enforcement action adopted by OCR in a single month and is one of the fastest complaints it has formally resolved. Since Sentara Hospitals` parent company, Sentara Healthcare, acts as the hospital unit`s business partner, that unit had to have a counterparty agreement with Sentara Healthcare, he explains. EBIA`s Comment: This Settlement Agreement reminds us that PHI is not limited to diagnostic, treatment or other medical information and includes a wide range of other individually identifiable information used or disclosed in the provision or payment of health services. For more information, see EBIA`s Portability, Data Protection and Security Manual in sections XX.D (“Resolution Agreements”), XXIV (“Counterparty Agreements”) and XXV.B (“Breach Notification for Unsecured PHI: What is a Breach?”). You may also be interested in our webinar “Nuts and Bolts of HIPAA Uses and Disclosures” (recorded on 25.07.19). The OCR-Sentara resolution agreement and corrective action plan are available here. In contrast, this month`s other settlement agreement requires the University of Rochester Medical Center to notify OCR in writing, within 60 days, of actual HIPC violations committed by employees.  David Holtzman, counsel for security consultancy CynergisTek, said the case offers a number of other lessons, including the need to carefully determine when a counterparty agreement is needed, even inside a large corporate roof. Federal authorities beat sentara hospitals based in Norfolk, Virginia, with a $2.2 million deal for the wrong violation report and lack of a matching agreement. The fine regulates alleged HIPAA violations, including sentara hospitals, that allegedly entered into a counterparty agreement with their parent company, Sentara Healthcare, based in Norfolk, Virginia. Although Care New England was the party that signed the OCR agreement, it itself was not accused of HIPAA violations, but was signed on behalf of its four hospitals, including Women & Infants. The agreement between OCR and Sentara, which operates 12 acute hospitals at more than 300 healthcare sites in Virginia and North Carolina, is the result of allegations that the healthcare provider failed to properly inform the AMF of a breach of unsecured protected health information.
OCR also noted that Sentara Hospitals has not entered into a counterparty agreement with Sentara Healthcare, which provides counterparty services to hospitals. Two years after the ocRs stock surprised $400,000 in comparison with Care New England a lot due to BAA`s size and tangent problem….