SlideShare ist ein Scribd-Unternehmen logo

Qca agreement

D
data brackets

OCR received a breach notice in February 2012 from QCA Health Plan, Inc. of Arkansas reporting that an unencrypted laptop computer containing the ePHI of 148 individuals was stolen from a workforce member’s car. While QCA encrypted their devices following discovery of the breach, OCR’s investigation revealed that QCA failed to comply with multiple requirements of the HIPAA Privacy and Security Rules, beginning from the compliance date of the Security Rule in April 2005 and ending in June 2012. QCA agreed to a $250,000 monetary settlement and is required to provide HHS with an updated risk analysis and corresponding risk management plan that includes specific security measures to reduce the risks to and vulnerabilities of its ePHI. QCA is also required to retrain its workforce and document its ongoing compliance efforts.

GesundheitswesenTechnologieNews & Politik
1 von 9
Downloaden Sie, um offline zu lesen
RESOLUTION AGREEMENT I. Recitals 1. Parties. The Parties to this Resolution Agreement (“Agreement”) are the United States Department of Health and Human Services, Office for Civil Rights (“HHS”), and QCA Health Plan, Inc. (“QCA”). HHS and QCA shall together be referred to herein as the “Parties.” A. Authority of HHS HHS enforces the Federal standards for the Privacy of Individually Identifiable Health Information (45 C.F.R. Part 160 and Subparts A and E of Part 164, the “Privacy Rule”), the Federal Security Standards for the Protection of Electronic Protected Health Information (45 C.F.R. Part 160 and Subparts A and C of Part 164, the “Security Rule”), and the Federal standards for Notification in the Case of Breach of Unsecured Protected Health Information (45 C.F.R. Part 160 and Subparts A and D of Part 164, the “Breach Notification Rule”). HHS has the authority to conduct investigations of complaints alleging violations of the foregoing rules by covered entities, and covered entities must cooperate with HHS investigations. 45 C.F.R. §§ 160.306(c) and 160.310(b). B. QCA QCA is a covered entity, as defined at 45 C.F.R. § 160.103, and therefore is required to comply with the Privacy, Security, and Breach Notification Rules. 2. Factual Background and Covered Conduct On February 21, 2012, HHS received notification from QCA regarding a breach of unsecured electronic protected health information (ePHI). On May 3, 2012, HHS notified QCA of its investigation regarding QCA’s compliance with the Privacy, Security, and Breach Notification Rules. HHS’ investigation indicated that the following conduct occurred (“Covered Conduct”): A. QCA did not implement policies and procedures to prevent, detect, contain, and correct security violations, including conducting an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI it held, and implementing security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with 45 C.F.R. § 164.306 from the compliance date of the Security Rule to June 18, 2012. B. QCA did not implement physical safeguards for all workstations that access ePHI to restrict access to authorized users on October 8, 2011. 1
2 C. QCA impermissibly disclosed the ePHI of 148 individuals on October 8, 2011. 3. No Admission. This Agreement is not an admission of liability by QCA. 4. No Concession. This Agreement is not a concession by HHS that QCA is not in violation of the Privacy or Security Rules and that QCA is not liable for civil money penalties. 5. Intention of Parties to Effect Resolution. This Agreement is intended to resolve the OCR Transaction No. 12-142718, and any violations of the Privacy, Security, and Breach Notification Rules related to the Covered Conduct specified in paragraph I.2. of this Agreement. In consideration of the Parties’ interest in avoiding the uncertainty, burden, and expense of further investigation and formal proceedings, the Parties agree to resolve this matter according to the Terms and Conditions below. II. Terms and Conditions 6. Payment. QCA agrees to pay HHS the amount of $250,000 (“Resolution Amount”). QCA agrees to pay the Resolution Amount by electronic funds transfer pursuant to written instructions to be provided by HHS. QCA agrees to make this payment on or before the date it signs this Agreement. 7. Corrective Action Plan. QCA has entered into and agrees to comply with the Corrective Action Plan (“CAP”), attached as Appendix A, which is incorporated into this Agreement by reference. If QCA breaches the CAP, and fails to cure the breach as set forth in the CAP, then QCA will be in breach of this Agreement and HHS will not be subject to the terms and conditions in the Release set forth in paragraph II.8 of this Agreement. 8. Release by HHS. In consideration of and conditioned upon QCA’s performance of its obligations under this Agreement, HHS releases QCA from any actions it has or may have against QCA under the Privacy, Security, and Breach Notification Rules for the Covered Conduct specified in paragraph I.2. of this Agreement. HHS does not release QCA from, nor waive any rights, obligations, or causes of action other than those for the Covered Conduct and referred to in this paragraph. This release does not extend to actions that may be brought under section 1177 of the Social Security Act, 42 U.S.C. § 1320d-6. 9. Agreement by Released Party. QCA shall not contest the validity of its obligation to pay, nor the amount of, the Resolution Amount or any other obligations agreed to under this Agreement. QCA waives all procedural rights granted under Section 1128A of the Social Security Act (42 U.S.C. § 1320a-7a), 45 C.F.R. Part 160, Subpart E; and HHS Claims Collection regulations, 45 C.F.R. Part 30, including, but not limited to, notice, hearing, and appeal with respect to the Resolution Amount.
3 10. Binding on Successors. This Agreement is binding on QCA and its successors, transferees, and assigns. 11. Costs. Each Party to this Agreement shall bear its own legal and other costs incurred in connection with this matter, including the preparation and performance of this Agreement. 12. No Additional Releases. This Agreement is intended to be for the benefit of the Parties only, and by this instrument the Parties do not release any claims against any other person or entity. 13. Effect of Agreement. This Agreement constitutes the complete agreement between the Parties. All material representations, understandings, and promises of the Parties are contained in this Agreement. Any modifications to this Agreement must be set forth in writing and signed by both Parties. 14. Execution of Agreement and Effective Date. The Agreement shall become effective (i.e., final and binding) on the date this Agreement and the CAP are signed by HHS as the last signatory (“Effective Date”). 15. Tolling of Statute of Limitations. Pursuant to 42 U.S.C. § 1320a-7a(c)(1), a civil money penalty (“CMP”) must be imposed within six years from the date of the occurrence of the violation. To ensure that this six-year period does not expire during the term of this Agreement, QCA agrees that the time between the Effective Date of this Agreement and the date this Resolution Agreement may be terminated by reason of QCA’s breach, plus one-year thereafter, will not be included in calculating the six (6) year statute of limitations applicable to the violations which are the subject of this Agreement. QCA waives and will not plead any statute of limitations, laches, or similar defenses to any administrative action relating to the Covered Conduct specified in paragraph I.2. that is filed by HHS within the time period set forth above, except to the extent that such defenses would have been available had an administrative action been filed on the Effective Date of this Agreement. 16. Disclosure. HHS places no restriction on the publication of the Agreement. This Agreement and information related to this Agreement may be made public by either party. In addition, HHS may be required to disclose this Agreement and related material to any person upon request consistent with the applicable provisions of the Freedom of Information Act, 5 U.S.C. § 552, and its implementing regulations, 45 C.F.R. Part 5. 17. Execution in Counterparts. This Agreement may be executed in counterparts, each of which constitutes an original, and all of which shall constitute one and the same agreement. 18. Authorizations. The individual signing this Agreement on behalf of QCA represents and warrants that he is authorized by QCA to execute this Agreement. The
individual signing this Agreement on behalf of HHS represents and warrants that she is signing this Agreement in her official capacity and that she is authorized to execute this Agreement. For QCA Health Plan, Inc. /s/ April 11, 2014 ____________________________ ____________ Michael E. Stock Date President and Chief Executive Officer QCA Health Plan, Inc. For the United States Department of Health and Human Services /s/ April 14, 2014 ____________________________ _____________ Linda Yuu Connor Date Regional Manager, Region X Office for Civil Rights 4
Appendix A CORRECTIVE ACTION PLAN BETWEEN THE U.S. DEPARTMENT OF HEALTH AND HUMAN SERVICES AND QCA HEALTH PLAN, INC. I. Preamble QCA Health Plan, Inc. (hereinafter referred to as “QCA”) hereby enters into this Corrective Action Plan (“CAP”) with the United States Department of Health and Human Services, Office for Civil Rights (“HHS”). Contemporaneously with this CAP, QCA is entering into a Resolution Agreement (“Agreement”) with HHS, and this CAP is incorporated by reference into the Agreement as Appendix A. QCA enters into this CAP as part of the consideration for the release set forth in paragraph II.8 of the Agreement. II. Contact Persons and Submissions A. Contact Persons QCA has identified the following individual as its authorized representative and contact person regarding the implementation of this CAP and for receipt and submission of notifications and reports: Mr. Michael Stock, Chief Executive Officer QCA Health Plan, Inc. 12615 Chenal Parkway, Suite 300 Little Rock, AR 72211 Telephone: 501-219-5118 Fax: 501-707-6729 HHS has identified the following individual as its contact person with whom QCA is to report information regarding the implementation of this CAP: Linda Yuu Connor, Regional Manager Office for Civil Rights, Region X Department of Health and Human Services 2201 Sixth Avenue, M/S RX-11 Seattle, WA 98121 Telephone: 206-615-2290 Facsimile: 206-615-2297 5
QCA and HHS agree to promptly notify each other of any changes in the contact persons or the other information provided above. B. Proof of Submissions. Unless otherwise specified, all notifications and reports required by this CAP may be made by any means, including certified mail, overnight mail, or hand delivery, provided that there is proof that such notification was received. For purposes of this requirement, internal facsimile confirmation sheets do not constitute proof of receipt. III. Effective Date and Term of CAP The Effective Date for this CAP shall be calculated in accordance with paragraph II.14 of the Agreement (“Effective Date”). The period for compliance with the obligations assumed by QCA under this CAP shall begin on the Effective Date of this CAP and end two (2) years from the Effective Date (“Compliance Term”), except that after the Compliance Term ends, QCA shall be obligated to (1) submit the Annual Report for the final Reporting Period, as set forth in section VI and (b) comply with the document retention requirement set forth in section VII. IV. Time In computing any period of time prescribed or allowed by this CAP, all days referred to shall be calendar days. The day of the act, event, or default from which the designated period of time begins to run shall not be included. The last day of the period so computed shall be included, unless it is a Saturday, a Sunday, or a legal holiday, in which event the period runs until the end of the next day that is not one of the aforementioned days. V. Corrective Action Obligations QCA agrees to the following: A. Security Management Process. 1. QCA shall provide HHS with a risk analysis and corresponding risk management plan that includes security measures to reduce the risks and vulnerabilities to the electronic protected health information (ePHI) maintained by QCA to a reasonable and appropriate level. The risk analysis and corresponding risk management plan shall accurately reflect the environment and operations of QCA that exist at the time of the risk analysis and risk management plan are submitted to HHS. QCA shall provide the updated risk analysis and risk management plan to HHS for review and approval within sixty (60) days of the Effective Date. 2. Upon receiving notice from HHS specifying any required changes, QCA shall make the required changes and provide a revised risk analysis and risk management plan to HHS within thirty (30) days. 6
7 B. Security Awareness and Training. 1. QCA shall provide HHS with its training materials relating to security awareness established to reduce the risks and vulnerabilities to ePHI as identified in its security management process in section V.A. QCA shall provide the training materials to HHS for review and approval within thirty (30) days of the date HHS has approved QCA’s risk analysis and risk management plan. 2. Upon receiving notice from HHS specifying any required changes, QCA shall make the required changes and provide revised security awareness training materials to HHS within thirty (30) days. 3. Upon receiving approval from HHS, QCA shall provide documentation that all workforce members with access to ePHI have received such security awareness training within sixty (60) days and will continue to receive such training on an on-going basis. 4. QCA shall review the security awareness training materials annually, and, where appropriate, update the training to reflect changes in Federal law or HHS guidance, any issues discovered during audits or reviews, and any other relevant developments. C. Reportable Events. 1. QCA shall, upon receiving information that a workforce member may have failed to comply with its Privacy and Security policies and procedures, promptly investigate the matter. If QCA determines, after review and investigation, that a member of its workforce has failed to comply with its Privacy and Security policies and procedures, QCA shall notify HHS in writing within thirty (30) days of its determination. Such violations shall be known as “Reportable Events.” The report to HHS shall include the following: a. A complete description of the event, including the relevant facts, the persons involved, and the provision(s) of QCA’s Privacy and Security policies and procedures implicated; and b. A description of the actions taken and any further steps QCA plans to take to address the matter, to mitigate any harm, and to prevent it from recurring, including the application of appropriate sanctions against workforce members who failed to comply with its Privacy and Security policies and procedures. 2. If no Reportable Events have occurred during the Compliance Term, QCA shall so inform OCR in writing thirty (30) days prior to the conclusion of the Compliance Term.
8 VI. Annual Reports The one-year period beginning on the Effective Date and the following one-year period during the course of the period of compliance obligations shall be referred to as “the Reporting Periods.” QCA shall submit to HHS Annual Reports with respect to the status of and findings regarding QCA’s compliance with this CAP for each of the two Reporting Periods. QCA shall submit each Annual Report to HHS no later than sixty (60) days after the end of each corresponding Reporting Period. The Annual Report shall include: A. A summary of the security measures (addressed in section V.A.) taken during the Reporting Period; B. A summary of any updates to security awareness training (addressed in section V.B.) taken during the Reporting Period; C. A summary of Reportable Events (addressed in section V.C.) identified during the Reporting Period and the status of any corrective and preventative action relating to all such Reportable Events; and D. An attestation signed by an officer of QCA attesting that he or she has reviewed the Annual Report, has made a reasonable inquiry regarding its content, and believes, based upon such inquiry, that the information is accurate and truthful. VII. Document Retention QCA shall maintain for inspection and copying all documents and records relating to compliance with this CAP for six (6) years from the Effective Date. VIII. Breach Provisions QCA is expected to fully and timely comply with all provisions contained in this CAP. A. Timely Written Requests for Extensions. QCA may, in advance of any due date set forth in this CAP, submit a timely written request for an extension of time to perform any act required by this CAP. A “timely written request” is defined as a request in writing received by HHS at least five (5) days prior to the date such an act is required or due to be performed. B. Notice of Breach and Intent to Impose CMP. The Parties agree that a breach of this CAP by QCA constitutes a breach of the Agreement. Upon a determination by HHS that QCA has breached this CAP, HHS may notify QCA of (1) QCA’s breach; and (2) HHS’ intent to impose a civil money penalty (“CMP”), pursuant to 45 C.F.R. Part 160, for the Covered Conduct set forth in paragraph I.2 of the Agreement and for any
9 other conduct that constitutes a violation of the HIPAA Privacy, Security, and Breach Notification Rules (“Notice of Breach and Intent to Impose CMP”). C. QCA Response. QCA shall have thirty (30) days from the date of receipt of the Notice of Breach and Intent to Impose CMP to demonstrate to HHS’ satisfaction that: 1. QCA is in compliance with the obligations of this CAP that HHS cited as the basis for the breach; or 2. the alleged breach has been cured; or 3. the alleged breach cannot be cured within the 30-day period, but that: (a) QCA has begun to take action to cure the breach; (b) QCA is pursuing such action with due diligence; and (c) QCA has provided to HHS a reasonable timetable for curing the breach. D. Imposition of CMP. If at the conclusion of the 30-day period, QCA fails to meet the requirements of section VIII.C of this CAP to HHS’ satisfaction, HHS may proceed with the imposition of the CMP against QCA pursuant to 45 C.F.R. Part 160 for any violations of the Privacy and Security Rules related to the Covered Conduct set forth in paragraph I.2 of the Agreement and for any other act or failure to act that constitutes a violation of the Privacy, Security, or Breach Notification Rules. HHS shall notify QCA in writing of its determination to proceed with the imposition of a CMP. For QCA Health Plan, Inc. /s/ April 11, 2014 ____________________________ ____________ Michael E. Stock Date Chief Executive Officer QCA Health Plan, Inc. For the United States Department of Health and Human Services /s/ April 14, 2014 ____________________________ _____________ Linda Yuu Connor Date Regional Manager, Region X Office for Civil Rights

Empfohlen

HIPAA Security Rule consent agreement with OCR
HIPAA Security Rule consent agreement with OCRHIPAA Security Rule consent agreement with OCR
HIPAA Security Rule consent agreement with OCR
David Sweigert
 
Oregon Health & Science University HIPAA Fines
Oregon Health & Science University HIPAA FinesOregon Health & Science University HIPAA Fines
Oregon Health & Science University HIPAA Fines
data brackets
 
Affinity agreement
Affinity agreementAffinity agreement
Affinity agreement
data brackets
 
Adult & Pediatric Dermatology, Corrective Action Plan
Adult & Pediatric Dermatology, Corrective Action PlanAdult & Pediatric Dermatology, Corrective Action Plan
Adult & Pediatric Dermatology, Corrective Action Plan
data brackets
 
Catholic Health Care Services Resolution Agreement and Corrective Action Plan
Catholic Health Care Services Resolution Agreement and Corrective Action PlanCatholic Health Care Services Resolution Agreement and Corrective Action Plan
Catholic Health Care Services Resolution Agreement and Corrective Action Plan
Alex Slaney
 
DHHS OCR data breach resolution agreement
DHHS OCR data breach resolution agreementDHHS OCR data breach resolution agreement
DHHS OCR data breach resolution agreement
David Sweigert
 
North memorial ra and cap march 2016 (508)
North memorial ra and cap march 2016 (508)North memorial ra and cap march 2016 (508)
North memorial ra and cap march 2016 (508)
Alex Slaney
 
NYP RA and CAP april 2016
NYP RA and CAP april 2016 NYP RA and CAP april 2016
NYP RA and CAP april 2016
data brackets
 

Empfohlen

HIPAA Security Rule consent agreement with OCR
HIPAA Security Rule consent agreement with OCRHIPAA Security Rule consent agreement with OCR
HIPAA Security Rule consent agreement with OCR
David Sweigert
 
Oregon Health & Science University HIPAA Fines
Oregon Health & Science University HIPAA FinesOregon Health & Science University HIPAA Fines
Oregon Health & Science University HIPAA Fines
data brackets
 
Affinity agreement
Affinity agreementAffinity agreement
Affinity agreement
data brackets
 
Adult & Pediatric Dermatology, Corrective Action Plan
Adult & Pediatric Dermatology, Corrective Action PlanAdult & Pediatric Dermatology, Corrective Action Plan
Adult & Pediatric Dermatology, Corrective Action Plan
data brackets
 
Catholic Health Care Services Resolution Agreement and Corrective Action Plan
Catholic Health Care Services Resolution Agreement and Corrective Action PlanCatholic Health Care Services Resolution Agreement and Corrective Action Plan
Catholic Health Care Services Resolution Agreement and Corrective Action Plan
Alex Slaney
 
DHHS OCR data breach resolution agreement
DHHS OCR data breach resolution agreementDHHS OCR data breach resolution agreement
DHHS OCR data breach resolution agreement
David Sweigert
 
North memorial ra and cap march 2016 (508)
North memorial ra and cap march 2016 (508)North memorial ra and cap march 2016 (508)
North memorial ra and cap march 2016 (508)
Alex Slaney
 
NYP RA and CAP april 2016
NYP RA and CAP april 2016 NYP RA and CAP april 2016
NYP RA and CAP april 2016
data brackets
 
Parkview HIPAA Settlement - Resolution Agreement
Parkview HIPAA Settlement - Resolution AgreementParkview HIPAA Settlement - Resolution Agreement
Parkview HIPAA Settlement - Resolution Agreement
data brackets
 
Raleigh Orthopedic RA and CAP April 2016
Raleigh Orthopedic RA and CAP April 2016Raleigh Orthopedic RA and CAP April 2016
Raleigh Orthopedic RA and CAP April 2016
Alex Slaney
 
Shasta agreement
Shasta agreementShasta agreement
Shasta agreement
data brackets
 
HIPAA Settlement New York Presbyterian and Columbia Universtiy
HIPAA Settlement New York Presbyterian and Columbia UniverstiyHIPAA Settlement New York Presbyterian and Columbia Universtiy
HIPAA Settlement New York Presbyterian and Columbia Universtiy
data brackets
 
Cancer Care Group HIPAA Settlement Agreement
Cancer Care Group HIPAA Settlement AgreementCancer Care Group HIPAA Settlement Agreement
Cancer Care Group HIPAA Settlement Agreement
data brackets
 
Presence Health Resolution Agreement with OCR
Presence Health Resolution Agreement with OCRPresence Health Resolution Agreement with OCR
Presence Health Resolution Agreement with OCR
data brackets
 
Concentra agreement
Concentra agreementConcentra agreement
Concentra agreement
data brackets
 
HONI HIPAA Breach Resolution Agreement
HONI HIPAA Breach Resolution AgreementHONI HIPAA Breach Resolution Agreement
HONI HIPAA Breach Resolution Agreement
data brackets
 
Skagit county- HIPAA violation settlement agreement with HHS
Skagit county- HIPAA violation settlement agreement with HHSSkagit county- HIPAA violation settlement agreement with HHS
Skagit county- HIPAA violation settlement agreement with HHS
data brackets
 
Oakland Housing Authority Legal Services Contract For General Counsel This
Oakland Housing Authority Legal Services Contract For General Counsel ThisOakland Housing Authority Legal Services Contract For General Counsel This
Oakland Housing Authority Legal Services Contract For General Counsel This
legal3
 
Court_Acceptance_of_FCA_Stark_Theory_MB
Court_Acceptance_of_FCA_Stark_Theory_MBCourt_Acceptance_of_FCA_Stark_Theory_MB
Court_Acceptance_of_FCA_Stark_Theory_MB
Laura Laemmle-Weidenfeld
 
Special laws & medical profession
Special laws & medical professionSpecial laws & medical profession
Special laws & medical profession
Study Stuff
 
Item # 4 - Local Health Authority Designation
Item # 4 - Local Health Authority DesignationItem # 4 - Local Health Authority Designation
Item # 4 - Local Health Authority Designation
ahcitycouncil
 
Item # 7 - Interlocal Agreement with San Antonio Metro Health District
Item # 7 - Interlocal Agreement with San Antonio Metro Health DistrictItem # 7 - Interlocal Agreement with San Antonio Metro Health District
Item # 7 - Interlocal Agreement with San Antonio Metro Health District
ahcitycouncil
 
Taylor AND MISHRA contract air recovery heating and ac llc - and ajay mish...
Taylor AND MISHRA contract air recovery heating and ac llc - and ajay mish...Taylor AND MISHRA contract air recovery heating and ac llc - and ajay mish...
Taylor AND MISHRA contract air recovery heating and ac llc - and ajay mish...
ALINA MATSENKO AND AJAY MISHRA ALINA AND AJAY
 
NYP RA and Cap april 2016
NYP RA and Cap april 2016 NYP RA and Cap april 2016
NYP RA and Cap april 2016
data brackets
 
Catholic Health Care Services Resolution Agreement
Catholic Health Care Services Resolution Agreement Catholic Health Care Services Resolution Agreement
Catholic Health Care Services Resolution Agreement
data brackets
 
Raleigh Orthopedic RA and CAP April 2016
Raleigh Orthopedic RA and CAP April 2016Raleigh Orthopedic RA and CAP April 2016
Raleigh Orthopedic RA and CAP April 2016
data brackets
 
HIPAA Violation Fines: North memorial Hospistal Settlement
HIPAA Violation Fines: North memorial Hospistal Settlement HIPAA Violation Fines: North memorial Hospistal Settlement
HIPAA Violation Fines: North memorial Hospistal Settlement
data brackets
 
North memorial resolution agreement
North memorial resolution agreementNorth memorial resolution agreement
North memorial resolution agreement
Alex Slaney
 
First HIPAA enforcement action for lack of timely breach notification settles...
First HIPAA enforcement action for lack of timely breach notification settles...First HIPAA enforcement action for lack of timely breach notification settles...
First HIPAA enforcement action for lack of timely breach notification settles...
David Sweigert
 
Mediation Order New England Compounding Pharmacy
Mediation Order New England Compounding Pharmacy Mediation Order New England Compounding Pharmacy
Mediation Order New England Compounding Pharmacy
mzamoralaw
 

Weitere ähnliche Inhalte

Was ist angesagt?

HIPAA Settlement New York Presbyterian and Columbia Universtiy
HIPAA Settlement New York Presbyterian and Columbia UniverstiyHIPAA Settlement New York Presbyterian and Columbia Universtiy
HIPAA Settlement New York Presbyterian and Columbia Universtiy
data brackets
 
Presence Health Resolution Agreement with OCR
Presence Health Resolution Agreement with OCRPresence Health Resolution Agreement with OCR
Presence Health Resolution Agreement with OCR
data brackets
 
Concentra agreement
Concentra agreementConcentra agreement
Concentra agreement
data brackets
 
HONI HIPAA Breach Resolution Agreement
HONI HIPAA Breach Resolution AgreementHONI HIPAA Breach Resolution Agreement
HONI HIPAA Breach Resolution Agreement
data brackets
 
Skagit county- HIPAA violation settlement agreement with HHS
Skagit county- HIPAA violation settlement agreement with HHSSkagit county- HIPAA violation settlement agreement with HHS
Skagit county- HIPAA violation settlement agreement with HHS
data brackets
 
Oakland Housing Authority Legal Services Contract For General Counsel This
Oakland Housing Authority Legal Services Contract For General Counsel ThisOakland Housing Authority Legal Services Contract For General Counsel This
Oakland Housing Authority Legal Services Contract For General Counsel This
legal3
 
Special laws & medical profession
Special laws & medical professionSpecial laws & medical profession
Special laws & medical profession
Study Stuff
 

Was ist angesagt? (15)

Parkview HIPAA Settlement - Resolution Agreement
Parkview HIPAA Settlement - Resolution AgreementParkview HIPAA Settlement - Resolution Agreement
Parkview HIPAA Settlement - Resolution Agreement
 
Raleigh Orthopedic RA and CAP April 2016
Raleigh Orthopedic RA and CAP April 2016Raleigh Orthopedic RA and CAP April 2016
Raleigh Orthopedic RA and CAP April 2016
 
Shasta agreement
Shasta agreementShasta agreement
Shasta agreement
 
HIPAA Settlement New York Presbyterian and Columbia Universtiy
HIPAA Settlement New York Presbyterian and Columbia UniverstiyHIPAA Settlement New York Presbyterian and Columbia Universtiy
HIPAA Settlement New York Presbyterian and Columbia Universtiy
 
Cancer Care Group HIPAA Settlement Agreement
Cancer Care Group HIPAA Settlement AgreementCancer Care Group HIPAA Settlement Agreement
Cancer Care Group HIPAA Settlement Agreement
 
Presence Health Resolution Agreement with OCR
Presence Health Resolution Agreement with OCRPresence Health Resolution Agreement with OCR
Presence Health Resolution Agreement with OCR
 
Concentra agreement
Concentra agreementConcentra agreement
Concentra agreement
 
HONI HIPAA Breach Resolution Agreement
HONI HIPAA Breach Resolution AgreementHONI HIPAA Breach Resolution Agreement
HONI HIPAA Breach Resolution Agreement
 
Skagit county- HIPAA violation settlement agreement with HHS
Skagit county- HIPAA violation settlement agreement with HHSSkagit county- HIPAA violation settlement agreement with HHS
Skagit county- HIPAA violation settlement agreement with HHS
 
Oakland Housing Authority Legal Services Contract For General Counsel This
Oakland Housing Authority Legal Services Contract For General Counsel ThisOakland Housing Authority Legal Services Contract For General Counsel This
Oakland Housing Authority Legal Services Contract For General Counsel This
 
Court_Acceptance_of_FCA_Stark_Theory_MB
Court_Acceptance_of_FCA_Stark_Theory_MBCourt_Acceptance_of_FCA_Stark_Theory_MB
Court_Acceptance_of_FCA_Stark_Theory_MB
 
Special laws & medical profession
Special laws & medical professionSpecial laws & medical profession
Special laws & medical profession
 
Item # 4 - Local Health Authority Designation
Item # 4 - Local Health Authority DesignationItem # 4 - Local Health Authority Designation
Item # 4 - Local Health Authority Designation
 
Item # 7 - Interlocal Agreement with San Antonio Metro Health District
Item # 7 - Interlocal Agreement with San Antonio Metro Health DistrictItem # 7 - Interlocal Agreement with San Antonio Metro Health District
Item # 7 - Interlocal Agreement with San Antonio Metro Health District
 
Taylor AND MISHRA contract air recovery heating and ac llc - and ajay mish...
Taylor AND MISHRA contract air recovery heating and ac llc - and ajay mish...Taylor AND MISHRA contract air recovery heating and ac llc - and ajay mish...
Taylor AND MISHRA contract air recovery heating and ac llc - and ajay mish...
 

Ähnlich wie Qca agreement

First HIPAA enforcement action for lack of timely breach notification settles...
First HIPAA enforcement action for lack of timely breach notification settles...First HIPAA enforcement action for lack of timely breach notification settles...
First HIPAA enforcement action for lack of timely breach notification settles...
David Sweigert
 
Mediation Order New England Compounding Pharmacy
Mediation Order New England Compounding Pharmacy Mediation Order New England Compounding Pharmacy
Mediation Order New England Compounding Pharmacy
mzamoralaw
 
Massachusetts Eye and Ear Infirmary HIPAA Violation
Massachusetts Eye and Ear Infirmary HIPAA ViolationMassachusetts Eye and Ear Infirmary HIPAA Violation
Massachusetts Eye and Ear Infirmary HIPAA Violation
data brackets
 
Participation Agreement
Participation AgreementParticipation Agreement
Participation Agreement
relevatetech
 
FILLABLE Bilateral TEMPLATE PARXTC Strategic Alliance Coalition MoU v20220424
FILLABLE Bilateral TEMPLATE PARXTC Strategic Alliance Coalition MoU v20220424FILLABLE Bilateral TEMPLATE PARXTC Strategic Alliance Coalition MoU v20220424
FILLABLE Bilateral TEMPLATE PARXTC Strategic Alliance Coalition MoU v20220424
Andrew Networks
 
Bussiness associate agreementba 100213173228-phpapp02
Bussiness associate agreementba 100213173228-phpapp02Bussiness associate agreementba 100213173228-phpapp02
Bussiness associate agreementba 100213173228-phpapp02
Donald M. Kaesser
 
FCS 3450 HOMEWORK #41.Thomas Franklin arrived at the following t.docx
FCS 3450 HOMEWORK #41.Thomas Franklin arrived at the following t.docxFCS 3450 HOMEWORK #41.Thomas Franklin arrived at the following t.docx
FCS 3450 HOMEWORK #41.Thomas Franklin arrived at the following t.docx
mydrynan
 

Ähnlich wie Qca agreement (20)

NYP RA and Cap april 2016
NYP RA and Cap april 2016 NYP RA and Cap april 2016
NYP RA and Cap april 2016
 
Catholic Health Care Services Resolution Agreement
Catholic Health Care Services Resolution Agreement Catholic Health Care Services Resolution Agreement
Catholic Health Care Services Resolution Agreement
 
Raleigh Orthopedic RA and CAP April 2016
Raleigh Orthopedic RA and CAP April 2016Raleigh Orthopedic RA and CAP April 2016
Raleigh Orthopedic RA and CAP April 2016
 
HIPAA Violation Fines: North memorial Hospistal Settlement
HIPAA Violation Fines: North memorial Hospistal Settlement HIPAA Violation Fines: North memorial Hospistal Settlement
HIPAA Violation Fines: North memorial Hospistal Settlement
 
North memorial resolution agreement
North memorial resolution agreementNorth memorial resolution agreement
North memorial resolution agreement
 
First HIPAA enforcement action for lack of timely breach notification settles...
First HIPAA enforcement action for lack of timely breach notification settles...First HIPAA enforcement action for lack of timely breach notification settles...
First HIPAA enforcement action for lack of timely breach notification settles...
 
Mediation Order New England Compounding Pharmacy
Mediation Order New England Compounding Pharmacy Mediation Order New England Compounding Pharmacy
Mediation Order New England Compounding Pharmacy
 
Item # 10 Catto & Catto to HUB Insurance Broker Assignment
Item # 10 Catto & Catto to HUB Insurance Broker AssignmentItem # 10 Catto & Catto to HUB Insurance Broker Assignment
Item # 10 Catto & Catto to HUB Insurance Broker Assignment
 
Rokita Non-Disclosure Agreement
Rokita Non-Disclosure AgreementRokita Non-Disclosure Agreement
Rokita Non-Disclosure Agreement
 
FILLABLE Bilateral TEMPLATE PARXTC Strategic Alliance Coalition MoU v20220301
FILLABLE Bilateral TEMPLATE PARXTC Strategic Alliance Coalition MoU v20220301FILLABLE Bilateral TEMPLATE PARXTC Strategic Alliance Coalition MoU v20220301
FILLABLE Bilateral TEMPLATE PARXTC Strategic Alliance Coalition MoU v20220301
 
Massachusetts Eye and Ear Infirmary HIPAA Violation
Massachusetts Eye and Ear Infirmary HIPAA ViolationMassachusetts Eye and Ear Infirmary HIPAA Violation
Massachusetts Eye and Ear Infirmary HIPAA Violation
 
Participation Agreement
Participation AgreementParticipation Agreement
Participation Agreement
 
FILLABLE Bilateral TEMPLATE PARXTC Strategic Alliance Coalition MoU v20220424
FILLABLE Bilateral TEMPLATE PARXTC Strategic Alliance Coalition MoU v20220424FILLABLE Bilateral TEMPLATE PARXTC Strategic Alliance Coalition MoU v20220424
FILLABLE Bilateral TEMPLATE PARXTC Strategic Alliance Coalition MoU v20220424
 
Bussiness associate agreementba 100213173228-phpapp02
Bussiness associate agreementba 100213173228-phpapp02Bussiness associate agreementba 100213173228-phpapp02
Bussiness associate agreementba 100213173228-phpapp02
 
ACCOUNTING AGREEMENT
ACCOUNTING AGREEMENTACCOUNTING AGREEMENT
ACCOUNTING AGREEMENT
 
Council Redistricting Contract
Council Redistricting ContractCouncil Redistricting Contract
Council Redistricting Contract
 
Unfair claims-settlement-practices-act
Unfair claims-settlement-practices-actUnfair claims-settlement-practices-act
Unfair claims-settlement-practices-act
 
Mutual nda innoppl 2015
Mutual nda innoppl 2015Mutual nda innoppl 2015
Mutual nda innoppl 2015
 
FCS 3450 HOMEWORK #41.Thomas Franklin arrived at the following t.docx
FCS 3450 HOMEWORK #41.Thomas Franklin arrived at the following t.docxFCS 3450 HOMEWORK #41.Thomas Franklin arrived at the following t.docx
FCS 3450 HOMEWORK #41.Thomas Franklin arrived at the following t.docx
 
[u][mvpd]
[u][mvpd][u][mvpd]
[u][mvpd]
 

Mehr von data brackets

Office of Inspector General Study on OCR's HIPAA audit program
Office of Inspector General Study on OCR's HIPAA audit programOffice of Inspector General Study on OCR's HIPAA audit program
Office of Inspector General Study on OCR's HIPAA audit program
data brackets
 
EHR meaningful use security risk assessment sample document
EHR meaningful use security risk assessment sample documentEHR meaningful use security risk assessment sample document
EHR meaningful use security risk assessment sample document
data brackets
 
Trends and Career Opportunities in Health IT
Trends and Career Opportunities in Health ITTrends and Career Opportunities in Health IT
Trends and Career Opportunities in Health IT
data brackets
 
Business Associate Assurance: What Covered Entities Need to Know
Business Associate Assurance: What Covered Entities Need to KnowBusiness Associate Assurance: What Covered Entities Need to Know
Business Associate Assurance: What Covered Entities Need to Know
data brackets
 
Social Media Compliance for Healthcare Professionals
Social Media Compliance for Healthcare ProfessionalsSocial Media Compliance for Healthcare Professionals
Social Media Compliance for Healthcare Professionals
data brackets
 
HIPAA HiTech Security Assessment
HIPAA HiTech Security AssessmentHIPAA HiTech Security Assessment
HIPAA HiTech Security Assessment
data brackets
 

Mehr von data brackets (13)

Prepayment Audit Suggested Documentation
Prepayment Audit Suggested DocumentationPrepayment Audit Suggested Documentation
Prepayment Audit Suggested Documentation
 
Lincare HIPAA remediated decision by administrative judge
Lincare HIPAA remediated decision by administrative judgeLincare HIPAA remediated decision by administrative judge
Lincare HIPAA remediated decision by administrative judge
 
Lincare HIPAA Notice of Proposed Determination remediated
Lincare HIPAA Notice of Proposed Determination remediatedLincare HIPAA Notice of Proposed Determination remediated
Lincare HIPAA Notice of Proposed Determination remediated
 
Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and ...
Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and ...Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and ...
Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and ...
 
Office of Inspector General Study on OCR's HIPAA audit program
Office of Inspector General Study on OCR's HIPAA audit programOffice of Inspector General Study on OCR's HIPAA audit program
Office of Inspector General Study on OCR's HIPAA audit program
 
EHR meaningful use security risk assessment sample document
EHR meaningful use security risk assessment sample documentEHR meaningful use security risk assessment sample document
EHR meaningful use security risk assessment sample document
 
OCR HHS HIPAA HITECH Audit Advisory Template
OCR HHS HIPAA HITECH Audit Advisory TemplateOCR HHS HIPAA HITECH Audit Advisory Template
OCR HHS HIPAA HITECH Audit Advisory Template
 
HIPAA HITECH Compliance Assurance Template
HIPAA HITECH Compliance Assurance TemplateHIPAA HITECH Compliance Assurance Template
HIPAA HITECH Compliance Assurance Template
 
Trends and Career Opportunities in Health IT
Trends and Career Opportunities in Health ITTrends and Career Opportunities in Health IT
Trends and Career Opportunities in Health IT
 
Mobile devices and applications in healthcare: Security and Compliance Risks
Mobile devices and applications in healthcare: Security and Compliance RisksMobile devices and applications in healthcare: Security and Compliance Risks
Mobile devices and applications in healthcare: Security and Compliance Risks
 
Business Associate Assurance: What Covered Entities Need to Know
Business Associate Assurance: What Covered Entities Need to KnowBusiness Associate Assurance: What Covered Entities Need to Know
Business Associate Assurance: What Covered Entities Need to Know
 
Social Media Compliance for Healthcare Professionals
Social Media Compliance for Healthcare ProfessionalsSocial Media Compliance for Healthcare Professionals
Social Media Compliance for Healthcare Professionals
 
HIPAA HiTech Security Assessment
HIPAA HiTech Security AssessmentHIPAA HiTech Security Assessment
HIPAA HiTech Security Assessment
 

Kürzlich hochgeladen

VIP Call Girls Noida Jhanvi 9711199171 Best VIP Call Girls Near Me
VIP Call Girls Noida Jhanvi 9711199171 Best VIP Call Girls Near MeVIP Call Girls Noida Jhanvi 9711199171 Best VIP Call Girls Near Me
VIP Call Girls Noida Jhanvi 9711199171 Best VIP Call Girls Near Me
mriyagarg453
 
Bhagalpur Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Bhagalpur Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real MeetBhagalpur Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Bhagalpur Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Call Girls Service
 
Call Girls Hyderabad Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Hyderabad Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Hyderabad Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Hyderabad Just Call 9907093804 Top Class Call Girl Service Available
Dipal Arora
 
ooty Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
ooty Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meetooty Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
ooty Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Call Girls Service
 
Call Girls Service Anantapur 📲 6297143586 Book Now VIP Call Girls in Anantapur
Call Girls Service Anantapur 📲 6297143586 Book Now VIP Call Girls in AnantapurCall Girls Service Anantapur 📲 6297143586 Book Now VIP Call Girls in Anantapur
Call Girls Service Anantapur 📲 6297143586 Book Now VIP Call Girls in Anantapur
gragmanisha42
 
Call Girls Thane Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Thane Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Thane Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Thane Just Call 9907093804 Top Class Call Girl Service Available
Dipal Arora
 
Tirupati Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Tirupati Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real MeetTirupati Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Tirupati Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Call Girls Service
 
Russian Call Girls in Noida Pallavi 9711199171 High Class Call Girl Near Me
Russian Call Girls in Noida Pallavi 9711199171 High Class Call Girl Near MeRussian Call Girls in Noida Pallavi 9711199171 High Class Call Girl Near Me
Russian Call Girls in Noida Pallavi 9711199171 High Class Call Girl Near Me
mriyagarg453
 
Independent Call Girls Hyderabad 💋 9352988975 💋 Genuine WhatsApp Number for R...
Independent Call Girls Hyderabad 💋 9352988975 💋 Genuine WhatsApp Number for R...Independent Call Girls Hyderabad 💋 9352988975 💋 Genuine WhatsApp Number for R...
Independent Call Girls Hyderabad 💋 9352988975 💋 Genuine WhatsApp Number for R...
Ahmedabad Call Girls
 
VIP Call Girls Noida Sia 9711199171 High Class Call Girl Near Me
VIP Call Girls Noida Sia 9711199171 High Class Call Girl Near MeVIP Call Girls Noida Sia 9711199171 High Class Call Girl Near Me
VIP Call Girls Noida Sia 9711199171 High Class Call Girl Near Me
mriyagarg453
 
Escorts Service Ahmedabad🌹6367187148 🌹 No Need For Advance Payments
Escorts Service Ahmedabad🌹6367187148 🌹 No Need For Advance PaymentsEscorts Service Ahmedabad🌹6367187148 🌹 No Need For Advance Payments
Escorts Service Ahmedabad🌹6367187148 🌹 No Need For Advance Payments
Ahmedabad Call Girls
 
Best Lahore Escorts 😮‍💨03250114445 || VIP escorts in Lahore
Best Lahore Escorts 😮‍💨03250114445 || VIP escorts in LahoreBest Lahore Escorts 😮‍💨03250114445 || VIP escorts in Lahore
Best Lahore Escorts 😮‍💨03250114445 || VIP escorts in Lahore
Deny Daniel
 
Call Girls Patiala Just Call 8250077686 Top Class Call Girl Service Available
Call Girls Patiala Just Call 8250077686 Top Class Call Girl Service AvailableCall Girls Patiala Just Call 8250077686 Top Class Call Girl Service Available
Call Girls Patiala Just Call 8250077686 Top Class Call Girl Service Available
Dipal Arora
 
Hubli Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Hubli Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real MeetHubli Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Hubli Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Call Girls Service
 
Call Girl Gorakhpur * 8250192130 Service starts from just ₹9999 ✅
Call Girl Gorakhpur * 8250192130 Service starts from just ₹9999 ✅Call Girl Gorakhpur * 8250192130 Service starts from just ₹9999 ✅
Call Girl Gorakhpur * 8250192130 Service starts from just ₹9999 ✅
gragmanisha42
 
Call Girls in Udaipur Girija Udaipur Call Girl ✔ VQRWTO ❤️ 100% offer with...
Call Girls in Udaipur Girija Udaipur Call Girl ✔ VQRWTO ❤️ 100% offer with...Call Girls in Udaipur Girija Udaipur Call Girl ✔ VQRWTO ❤️ 100% offer with...
Call Girls in Udaipur Girija Udaipur Call Girl ✔ VQRWTO ❤️ 100% offer with...
mahaiklolahd
 
raisen Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
raisen Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meetraisen Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
raisen Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Call Girls Service
 
Call Girl in Bangalore 9632137771 {LowPrice} ❤️ (Navya) Bangalore Call Girls ...
Call Girl in Bangalore 9632137771 {LowPrice} ❤️ (Navya) Bangalore Call Girls ...Call Girl in Bangalore 9632137771 {LowPrice} ❤️ (Navya) Bangalore Call Girls ...
Call Girl in Bangalore 9632137771 {LowPrice} ❤️ (Navya) Bangalore Call Girls ...
mahaiklolahd
 

Kürzlich hochgeladen (20)

Kochi call girls Mallu escort girls available 7877702510
Kochi call girls Mallu escort girls available 7877702510Kochi call girls Mallu escort girls available 7877702510
Kochi call girls Mallu escort girls available 7877702510
 
VIP Call Girls Noida Jhanvi 9711199171 Best VIP Call Girls Near Me
VIP Call Girls Noida Jhanvi 9711199171 Best VIP Call Girls Near MeVIP Call Girls Noida Jhanvi 9711199171 Best VIP Call Girls Near Me
VIP Call Girls Noida Jhanvi 9711199171 Best VIP Call Girls Near Me
 
Bhagalpur Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Bhagalpur Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real MeetBhagalpur Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Bhagalpur Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
 
Call Girls Hyderabad Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Hyderabad Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Hyderabad Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Hyderabad Just Call 9907093804 Top Class Call Girl Service Available
 
ooty Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
ooty Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meetooty Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
ooty Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
 
Call Girls Service Anantapur 📲 6297143586 Book Now VIP Call Girls in Anantapur
Call Girls Service Anantapur 📲 6297143586 Book Now VIP Call Girls in AnantapurCall Girls Service Anantapur 📲 6297143586 Book Now VIP Call Girls in Anantapur
Call Girls Service Anantapur 📲 6297143586 Book Now VIP Call Girls in Anantapur
 
Call Girls Thane Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Thane Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Thane Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Thane Just Call 9907093804 Top Class Call Girl Service Available
 
Tirupati Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Tirupati Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real MeetTirupati Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Tirupati Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
 
Russian Call Girls in Noida Pallavi 9711199171 High Class Call Girl Near Me
Russian Call Girls in Noida Pallavi 9711199171 High Class Call Girl Near MeRussian Call Girls in Noida Pallavi 9711199171 High Class Call Girl Near Me
Russian Call Girls in Noida Pallavi 9711199171 High Class Call Girl Near Me
 
Independent Call Girls Hyderabad 💋 9352988975 💋 Genuine WhatsApp Number for R...
Independent Call Girls Hyderabad 💋 9352988975 💋 Genuine WhatsApp Number for R...Independent Call Girls Hyderabad 💋 9352988975 💋 Genuine WhatsApp Number for R...
Independent Call Girls Hyderabad 💋 9352988975 💋 Genuine WhatsApp Number for R...
 
VIP Call Girls Noida Sia 9711199171 High Class Call Girl Near Me
VIP Call Girls Noida Sia 9711199171 High Class Call Girl Near MeVIP Call Girls Noida Sia 9711199171 High Class Call Girl Near Me
VIP Call Girls Noida Sia 9711199171 High Class Call Girl Near Me
 
Escorts Service Ahmedabad🌹6367187148 🌹 No Need For Advance Payments
Escorts Service Ahmedabad🌹6367187148 🌹 No Need For Advance PaymentsEscorts Service Ahmedabad🌹6367187148 🌹 No Need For Advance Payments
Escorts Service Ahmedabad🌹6367187148 🌹 No Need For Advance Payments
 
Krishnagiri call girls Tamil aunty 7877702510
Krishnagiri call girls Tamil aunty 7877702510Krishnagiri call girls Tamil aunty 7877702510
Krishnagiri call girls Tamil aunty 7877702510
 
Best Lahore Escorts 😮‍💨03250114445 || VIP escorts in Lahore
Best Lahore Escorts 😮‍💨03250114445 || VIP escorts in LahoreBest Lahore Escorts 😮‍💨03250114445 || VIP escorts in Lahore
Best Lahore Escorts 😮‍💨03250114445 || VIP escorts in Lahore
 
Call Girls Patiala Just Call 8250077686 Top Class Call Girl Service Available
Call Girls Patiala Just Call 8250077686 Top Class Call Girl Service AvailableCall Girls Patiala Just Call 8250077686 Top Class Call Girl Service Available
Call Girls Patiala Just Call 8250077686 Top Class Call Girl Service Available
 
Hubli Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Hubli Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real MeetHubli Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Hubli Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
 
Call Girl Gorakhpur * 8250192130 Service starts from just ₹9999 ✅
Call Girl Gorakhpur * 8250192130 Service starts from just ₹9999 ✅Call Girl Gorakhpur * 8250192130 Service starts from just ₹9999 ✅
Call Girl Gorakhpur * 8250192130 Service starts from just ₹9999 ✅
 
Call Girls in Udaipur Girija Udaipur Call Girl ✔ VQRWTO ❤️ 100% offer with...
Call Girls in Udaipur Girija Udaipur Call Girl ✔ VQRWTO ❤️ 100% offer with...Call Girls in Udaipur Girija Udaipur Call Girl ✔ VQRWTO ❤️ 100% offer with...
Call Girls in Udaipur Girija Udaipur Call Girl ✔ VQRWTO ❤️ 100% offer with...
 
raisen Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
raisen Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meetraisen Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
raisen Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
 
Call Girl in Bangalore 9632137771 {LowPrice} ❤️ (Navya) Bangalore Call Girls ...
Call Girl in Bangalore 9632137771 {LowPrice} ❤️ (Navya) Bangalore Call Girls ...Call Girl in Bangalore 9632137771 {LowPrice} ❤️ (Navya) Bangalore Call Girls ...
Call Girl in Bangalore 9632137771 {LowPrice} ❤️ (Navya) Bangalore Call Girls ...
 

Qca agreement

  • 1. RESOLUTION AGREEMENT I. Recitals 1. Parties. The Parties to this Resolution Agreement (“Agreement”) are the United States Department of Health and Human Services, Office for Civil Rights (“HHS”), and QCA Health Plan, Inc. (“QCA”). HHS and QCA shall together be referred to herein as the “Parties.” A. Authority of HHS HHS enforces the Federal standards for the Privacy of Individually Identifiable Health Information (45 C.F.R. Part 160 and Subparts A and E of Part 164, the “Privacy Rule”), the Federal Security Standards for the Protection of Electronic Protected Health Information (45 C.F.R. Part 160 and Subparts A and C of Part 164, the “Security Rule”), and the Federal standards for Notification in the Case of Breach of Unsecured Protected Health Information (45 C.F.R. Part 160 and Subparts A and D of Part 164, the “Breach Notification Rule”). HHS has the authority to conduct investigations of complaints alleging violations of the foregoing rules by covered entities, and covered entities must cooperate with HHS investigations. 45 C.F.R. §§ 160.306(c) and 160.310(b). B. QCA QCA is a covered entity, as defined at 45 C.F.R. § 160.103, and therefore is required to comply with the Privacy, Security, and Breach Notification Rules. 2. Factual Background and Covered Conduct On February 21, 2012, HHS received notification from QCA regarding a breach of unsecured electronic protected health information (ePHI). On May 3, 2012, HHS notified QCA of its investigation regarding QCA’s compliance with the Privacy, Security, and Breach Notification Rules. HHS’ investigation indicated that the following conduct occurred (“Covered Conduct”): A. QCA did not implement policies and procedures to prevent, detect, contain, and correct security violations, including conducting an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI it held, and implementing security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with 45 C.F.R. § 164.306 from the compliance date of the Security Rule to June 18, 2012. B. QCA did not implement physical safeguards for all workstations that access ePHI to restrict access to authorized users on October 8, 2011. 1
  • 2. 2 C. QCA impermissibly disclosed the ePHI of 148 individuals on October 8, 2011. 3. No Admission. This Agreement is not an admission of liability by QCA. 4. No Concession. This Agreement is not a concession by HHS that QCA is not in violation of the Privacy or Security Rules and that QCA is not liable for civil money penalties. 5. Intention of Parties to Effect Resolution. This Agreement is intended to resolve the OCR Transaction No. 12-142718, and any violations of the Privacy, Security, and Breach Notification Rules related to the Covered Conduct specified in paragraph I.2. of this Agreement. In consideration of the Parties’ interest in avoiding the uncertainty, burden, and expense of further investigation and formal proceedings, the Parties agree to resolve this matter according to the Terms and Conditions below. II. Terms and Conditions 6. Payment. QCA agrees to pay HHS the amount of $250,000 (“Resolution Amount”). QCA agrees to pay the Resolution Amount by electronic funds transfer pursuant to written instructions to be provided by HHS. QCA agrees to make this payment on or before the date it signs this Agreement. 7. Corrective Action Plan. QCA has entered into and agrees to comply with the Corrective Action Plan (“CAP”), attached as Appendix A, which is incorporated into this Agreement by reference. If QCA breaches the CAP, and fails to cure the breach as set forth in the CAP, then QCA will be in breach of this Agreement and HHS will not be subject to the terms and conditions in the Release set forth in paragraph II.8 of this Agreement. 8. Release by HHS. In consideration of and conditioned upon QCA’s performance of its obligations under this Agreement, HHS releases QCA from any actions it has or may have against QCA under the Privacy, Security, and Breach Notification Rules for the Covered Conduct specified in paragraph I.2. of this Agreement. HHS does not release QCA from, nor waive any rights, obligations, or causes of action other than those for the Covered Conduct and referred to in this paragraph. This release does not extend to actions that may be brought under section 1177 of the Social Security Act, 42 U.S.C. § 1320d-6. 9. Agreement by Released Party. QCA shall not contest the validity of its obligation to pay, nor the amount of, the Resolution Amount or any other obligations agreed to under this Agreement. QCA waives all procedural rights granted under Section 1128A of the Social Security Act (42 U.S.C. § 1320a-7a), 45 C.F.R. Part 160, Subpart E; and HHS Claims Collection regulations, 45 C.F.R. Part 30, including, but not limited to, notice, hearing, and appeal with respect to the Resolution Amount.
  • 3. 3 10. Binding on Successors. This Agreement is binding on QCA and its successors, transferees, and assigns. 11. Costs. Each Party to this Agreement shall bear its own legal and other costs incurred in connection with this matter, including the preparation and performance of this Agreement. 12. No Additional Releases. This Agreement is intended to be for the benefit of the Parties only, and by this instrument the Parties do not release any claims against any other person or entity. 13. Effect of Agreement. This Agreement constitutes the complete agreement between the Parties. All material representations, understandings, and promises of the Parties are contained in this Agreement. Any modifications to this Agreement must be set forth in writing and signed by both Parties. 14. Execution of Agreement and Effective Date. The Agreement shall become effective (i.e., final and binding) on the date this Agreement and the CAP are signed by HHS as the last signatory (“Effective Date”). 15. Tolling of Statute of Limitations. Pursuant to 42 U.S.C. § 1320a-7a(c)(1), a civil money penalty (“CMP”) must be imposed within six years from the date of the occurrence of the violation. To ensure that this six-year period does not expire during the term of this Agreement, QCA agrees that the time between the Effective Date of this Agreement and the date this Resolution Agreement may be terminated by reason of QCA’s breach, plus one-year thereafter, will not be included in calculating the six (6) year statute of limitations applicable to the violations which are the subject of this Agreement. QCA waives and will not plead any statute of limitations, laches, or similar defenses to any administrative action relating to the Covered Conduct specified in paragraph I.2. that is filed by HHS within the time period set forth above, except to the extent that such defenses would have been available had an administrative action been filed on the Effective Date of this Agreement. 16. Disclosure. HHS places no restriction on the publication of the Agreement. This Agreement and information related to this Agreement may be made public by either party. In addition, HHS may be required to disclose this Agreement and related material to any person upon request consistent with the applicable provisions of the Freedom of Information Act, 5 U.S.C. § 552, and its implementing regulations, 45 C.F.R. Part 5. 17. Execution in Counterparts. This Agreement may be executed in counterparts, each of which constitutes an original, and all of which shall constitute one and the same agreement. 18. Authorizations. The individual signing this Agreement on behalf of QCA represents and warrants that he is authorized by QCA to execute this Agreement. The
  • 4. individual signing this Agreement on behalf of HHS represents and warrants that she is signing this Agreement in her official capacity and that she is authorized to execute this Agreement. For QCA Health Plan, Inc. /s/ April 11, 2014 ____________________________ ____________ Michael E. Stock Date President and Chief Executive Officer QCA Health Plan, Inc. For the United States Department of Health and Human Services /s/ April 14, 2014 ____________________________ _____________ Linda Yuu Connor Date Regional Manager, Region X Office for Civil Rights 4
  • 5. Appendix A CORRECTIVE ACTION PLAN BETWEEN THE U.S. DEPARTMENT OF HEALTH AND HUMAN SERVICES AND QCA HEALTH PLAN, INC. I. Preamble QCA Health Plan, Inc. (hereinafter referred to as “QCA”) hereby enters into this Corrective Action Plan (“CAP”) with the United States Department of Health and Human Services, Office for Civil Rights (“HHS”). Contemporaneously with this CAP, QCA is entering into a Resolution Agreement (“Agreement”) with HHS, and this CAP is incorporated by reference into the Agreement as Appendix A. QCA enters into this CAP as part of the consideration for the release set forth in paragraph II.8 of the Agreement. II. Contact Persons and Submissions A. Contact Persons QCA has identified the following individual as its authorized representative and contact person regarding the implementation of this CAP and for receipt and submission of notifications and reports: Mr. Michael Stock, Chief Executive Officer QCA Health Plan, Inc. 12615 Chenal Parkway, Suite 300 Little Rock, AR 72211 Telephone: 501-219-5118 Fax: 501-707-6729 HHS has identified the following individual as its contact person with whom QCA is to report information regarding the implementation of this CAP: Linda Yuu Connor, Regional Manager Office for Civil Rights, Region X Department of Health and Human Services 2201 Sixth Avenue, M/S RX-11 Seattle, WA 98121 Telephone: 206-615-2290 Facsimile: 206-615-2297 5
  • 6. QCA and HHS agree to promptly notify each other of any changes in the contact persons or the other information provided above. B. Proof of Submissions. Unless otherwise specified, all notifications and reports required by this CAP may be made by any means, including certified mail, overnight mail, or hand delivery, provided that there is proof that such notification was received. For purposes of this requirement, internal facsimile confirmation sheets do not constitute proof of receipt. III. Effective Date and Term of CAP The Effective Date for this CAP shall be calculated in accordance with paragraph II.14 of the Agreement (“Effective Date”). The period for compliance with the obligations assumed by QCA under this CAP shall begin on the Effective Date of this CAP and end two (2) years from the Effective Date (“Compliance Term”), except that after the Compliance Term ends, QCA shall be obligated to (1) submit the Annual Report for the final Reporting Period, as set forth in section VI and (b) comply with the document retention requirement set forth in section VII. IV. Time In computing any period of time prescribed or allowed by this CAP, all days referred to shall be calendar days. The day of the act, event, or default from which the designated period of time begins to run shall not be included. The last day of the period so computed shall be included, unless it is a Saturday, a Sunday, or a legal holiday, in which event the period runs until the end of the next day that is not one of the aforementioned days. V. Corrective Action Obligations QCA agrees to the following: A. Security Management Process. 1. QCA shall provide HHS with a risk analysis and corresponding risk management plan that includes security measures to reduce the risks and vulnerabilities to the electronic protected health information (ePHI) maintained by QCA to a reasonable and appropriate level. The risk analysis and corresponding risk management plan shall accurately reflect the environment and operations of QCA that exist at the time of the risk analysis and risk management plan are submitted to HHS. QCA shall provide the updated risk analysis and risk management plan to HHS for review and approval within sixty (60) days of the Effective Date. 2. Upon receiving notice from HHS specifying any required changes, QCA shall make the required changes and provide a revised risk analysis and risk management plan to HHS within thirty (30) days. 6
  • 7. 7 B. Security Awareness and Training. 1. QCA shall provide HHS with its training materials relating to security awareness established to reduce the risks and vulnerabilities to ePHI as identified in its security management process in section V.A. QCA shall provide the training materials to HHS for review and approval within thirty (30) days of the date HHS has approved QCA’s risk analysis and risk management plan. 2. Upon receiving notice from HHS specifying any required changes, QCA shall make the required changes and provide revised security awareness training materials to HHS within thirty (30) days. 3. Upon receiving approval from HHS, QCA shall provide documentation that all workforce members with access to ePHI have received such security awareness training within sixty (60) days and will continue to receive such training on an on-going basis. 4. QCA shall review the security awareness training materials annually, and, where appropriate, update the training to reflect changes in Federal law or HHS guidance, any issues discovered during audits or reviews, and any other relevant developments. C. Reportable Events. 1. QCA shall, upon receiving information that a workforce member may have failed to comply with its Privacy and Security policies and procedures, promptly investigate the matter. If QCA determines, after review and investigation, that a member of its workforce has failed to comply with its Privacy and Security policies and procedures, QCA shall notify HHS in writing within thirty (30) days of its determination. Such violations shall be known as “Reportable Events.” The report to HHS shall include the following: a. A complete description of the event, including the relevant facts, the persons involved, and the provision(s) of QCA’s Privacy and Security policies and procedures implicated; and b. A description of the actions taken and any further steps QCA plans to take to address the matter, to mitigate any harm, and to prevent it from recurring, including the application of appropriate sanctions against workforce members who failed to comply with its Privacy and Security policies and procedures. 2. If no Reportable Events have occurred during the Compliance Term, QCA shall so inform OCR in writing thirty (30) days prior to the conclusion of the Compliance Term.
  • 8. 8 VI. Annual Reports The one-year period beginning on the Effective Date and the following one-year period during the course of the period of compliance obligations shall be referred to as “the Reporting Periods.” QCA shall submit to HHS Annual Reports with respect to the status of and findings regarding QCA’s compliance with this CAP for each of the two Reporting Periods. QCA shall submit each Annual Report to HHS no later than sixty (60) days after the end of each corresponding Reporting Period. The Annual Report shall include: A. A summary of the security measures (addressed in section V.A.) taken during the Reporting Period; B. A summary of any updates to security awareness training (addressed in section V.B.) taken during the Reporting Period; C. A summary of Reportable Events (addressed in section V.C.) identified during the Reporting Period and the status of any corrective and preventative action relating to all such Reportable Events; and D. An attestation signed by an officer of QCA attesting that he or she has reviewed the Annual Report, has made a reasonable inquiry regarding its content, and believes, based upon such inquiry, that the information is accurate and truthful. VII. Document Retention QCA shall maintain for inspection and copying all documents and records relating to compliance with this CAP for six (6) years from the Effective Date. VIII. Breach Provisions QCA is expected to fully and timely comply with all provisions contained in this CAP. A. Timely Written Requests for Extensions. QCA may, in advance of any due date set forth in this CAP, submit a timely written request for an extension of time to perform any act required by this CAP. A “timely written request” is defined as a request in writing received by HHS at least five (5) days prior to the date such an act is required or due to be performed. B. Notice of Breach and Intent to Impose CMP. The Parties agree that a breach of this CAP by QCA constitutes a breach of the Agreement. Upon a determination by HHS that QCA has breached this CAP, HHS may notify QCA of (1) QCA’s breach; and (2) HHS’ intent to impose a civil money penalty (“CMP”), pursuant to 45 C.F.R. Part 160, for the Covered Conduct set forth in paragraph I.2 of the Agreement and for any
  • 9. 9 other conduct that constitutes a violation of the HIPAA Privacy, Security, and Breach Notification Rules (“Notice of Breach and Intent to Impose CMP”). C. QCA Response. QCA shall have thirty (30) days from the date of receipt of the Notice of Breach and Intent to Impose CMP to demonstrate to HHS’ satisfaction that: 1. QCA is in compliance with the obligations of this CAP that HHS cited as the basis for the breach; or 2. the alleged breach has been cured; or 3. the alleged breach cannot be cured within the 30-day period, but that: (a) QCA has begun to take action to cure the breach; (b) QCA is pursuing such action with due diligence; and (c) QCA has provided to HHS a reasonable timetable for curing the breach. D. Imposition of CMP. If at the conclusion of the 30-day period, QCA fails to meet the requirements of section VIII.C of this CAP to HHS’ satisfaction, HHS may proceed with the imposition of the CMP against QCA pursuant to 45 C.F.R. Part 160 for any violations of the Privacy and Security Rules related to the Covered Conduct set forth in paragraph I.2 of the Agreement and for any other act or failure to act that constitutes a violation of the Privacy, Security, or Breach Notification Rules. HHS shall notify QCA in writing of its determination to proceed with the imposition of a CMP. For QCA Health Plan, Inc. /s/ April 11, 2014 ____________________________ ____________ Michael E. Stock Date Chief Executive Officer QCA Health Plan, Inc. For the United States Department of Health and Human Services /s/ April 14, 2014 ____________________________ _____________ Linda Yuu Connor Date Regional Manager, Region X Office for Civil Rights