SlideShare uma empresa Scribd logo

Adult & Pediatric Dermatology, Corrective Action Plan

D
data brackets

Adult & Pediatric Dermatology, P.C., of Concord, Mass., has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules with the Department of Health and Human Services, agreeing to a $150,000 payment. The practice will also be required to implement a corrective action plan to correct deficiencies in its HIPAA compliance program. Adult and Pediatric Dermatology is a private practice that delivers dermatology services in four locations in Massachusetts and two in New Hampshire. This case marks the first settlement with a covered entity for not having policies and procedures in place to address the breach notification provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, passed as part of American Recovery and Reinvestment Act of 2009 (ARRA). The HHS Office for Civil Rights (OCR) opened an investigation of Adult and Pediatric Dermatology upon receiving a report that an unencrypted thumb drive containing the electronic protected health information (ePHI) of approximately 2,200 individuals was stolen from a vehicle of one its staff members. The thumb drive was never recovered. The investigation revealed that Adult and Pediatric Dermatology had not conducted an accurate and thorough analysis of the potential risks and vulnerabilities to the confidentiality of ePHI as part of its security management process. Further, Adult and Pediatric Dermatology did not fully comply with requirements of the Breach Notification Rule to have in place written policies and procedures and train workforce members. In addition to a $150,000 resolution amount, the settlement includes a corrective action plan requiring Adult and Pediatric Dermatology to develop a risk analysis and risk management plan to address and mitigate any security risks and vulnerabilities, as well as to provide an implementation report to OCR. Download the Corrective Action Plan(CAP) here >> Tips s to providers: Almost all of the HIPAA/HITECH violations identified in the last few years is due to insufficient security risk analysis conducted by the providers or business associates.

Saúde e medicinaTecnologiaNotícias e política
1 de 9
Baixar para ler offline
RESOLUTION AGREEMENT I. Recitals 1. Parties. The Parties to this Resolution Agreement (“Agreement”) are: A. The United States Department of Health and Human Services, Office for Civil Rights (“HHS”), which enforces the Federal Standards for the Privacy of Individually Identifiable Health Information (45 C.F.R. Part 160 and Subparts A and E of Part 164, the “Privacy Rule”); the Security Standards for the Protection of Electronic Protected Health Information (45 C.F.R. Part 160 and Subparts A, and C of 45 C.F.R. Part 164, the “Security Rule”), and the Federal standards for Notification in the Case of Breach of Unsecured Protected Health Information (45 C.F.R. Part 160 and Subparts A and D of 45 C.F.R. Part 164, the “Breach Notification Rule”). HHS has the authority to conduct investigations of complaints alleging violations of the Privacy, Security, and Breach Notification Rules by covered entities, and covered entities must cooperate with HHS’ investigation. 45 C.F.R. §160.306(c) and §160.310(b); and B. Adult & Pediatric Dermatology, P.C. (“Covered Entity”), a covered entity, as defined at 45 C.F.R. § 160.103, and therefore is required to comply with the Privacy, Security, and Breach Notification Rules. The Covered Entity has office locations in Concord, Westford, Marlborough, and Ayer, Massachusetts, and one office in Wolfeboro, New Hampshire. HHS and the Covered Entity shall together be referred to herein as the “Parties.” 2. Factual Background and Covered Conduct. On October 7, 2011, HHS received notification from the Covered Entity regarding a breach of its unsecured electronic protected health information (ePHI). The Covered Entity reported that an unencrypted thumb drive that contained the ePHI relating to the performance of Mohs surgery of approximately 2,200 individuals was stolen from a vehicle of one its workforce members. The thumb drive was never recovered. The Covered Entity notified its patients of the theft of the thumb drive within 30 days of its theft and provided media notice. On November 9, 2011, HHS notified the Covered Entity of HHS’s investigation regarding the Covered Entity’s compliance with the Privacy, Security, and Breach Notification Rules. HHS’s investigation indicated that the following conduct occurred (“Covered Conduct”): (1) The Covered Entity did not conduct an accurate and thorough analysis of the potential risks and vulnerabilities to the confidentiality of ePHI as part of its security management process until October 1, 2012. (2) The Covered Entity did not fully comply with the administrative requirements of the Breach Notification Rule to have written policies and procedures and train members of its workforce regarding the Breach Notification requirements until February 7, 2012. 1
(3) On September 14, 2011, the Covered Entity impermissibly disclosed the ePHI of up to 2,200 individuals by providing an unauthorized individual access to said ePHI for a purpose not permitted by the Privacy Rule when it did not reasonably safeguard an unencrypted thumb drive that was stolen from the unattended vehicle of one its workforce members. 3. No Admission. This Agreement is not an admission of liability by the Covered Entity. 4. No Concession. This Agreement is not a concession by HHS that the Covered Entity is not in violation of the Privacy, Security or Breach Notification Rules and that the Covered Entity is not liable for civil money penalties. 5. Intention of Parties to Effect Resolution. This Agreement is intended to resolve HHS Complaint No. 12-133708, and any violations of the Privacy, Security and Breach Notification Rules for the Covered Conduct specified in paragraph I.2.of this Agreement. In consideration of the Parties’ interest in avoiding the uncertainty, burden and expense of further investigation and formal proceedings, the Parties agree to resolve this matter according to the Terms and Conditions below. II. Terms and Conditions 1. Payment. The Covered Entity agrees to pay HHS the amount of $150,000.00 (“Resolution Amount”), the payment of which shall be made on behalf of the Covered Entity by its shareholders. The payment of the Resolution Amount shall be made on the Effective Date of this Agreement as defined in paragraph II.9 by electronic funds transfer pursuant to written instructions to be provided by HHS. 2. Corrective Action Plan. The Covered Entity has entered into and agrees to comply with the Corrective Action Plan (CAP), attached as Appendix A, which is incorporated into this Agreement by reference. If the Covered Entity breaches the CAP, and fails to cure the breach as set forth in the CAP, then the Covered Entity will be in breach of this Agreement, and HHS will not be subject to the terms and conditions in the Release set forth in paragraph II.3. of this Agreement. 3. Release by HHS. In consideration of and conditioned upon the Covered Entity’s performance of its obligations under this Agreement, HHS releases the Covered Entity from any actions it has or may have against the Covered Entity under the Privacy, Security, and Breach Notification Rules for the Covered Conduct specified -in paragraph I.2. of this Agreement. HHS does not release the Covered Entity from, nor waive any rights, obligations, or causes of action other than those for the Covered Conduct and referred to in this paragraph. This release does not extend to actions that may be brought under section 1177 of the Social Security Act, 42 U.S.C. § 1320d-6. 4. Agreement by Released Party. The Covered Entity shall not contest its obligation to pay, nor the amount of, the Resolution Amount or any other obligations agreed to under this Agreement. The Covered Entity waives all procedural rights granted under section 1128A of the Social Security Act (42 U.S.C. § 1320a-7a), 45 C.F.R. Part 160, Subpart E; and HHS Claims 2
Collection provisions, 45 C.F.R. Part 30, including, but not limited to, notice, hearing, and appeal with respect to the Resolution Amount. 5. Binding on Successors. This Agreement is binding on the Covered Entity and its successors, heirs, transferees, and assigns. 6. Costs. Each Party to this Agreement shall bear its own legal and other costs incurred in connection with this matter, including the preparation and performance of this Agreement. 7. No Additional Releases. This Agreement is intended to be for the benefit of the Parties only, and by this instrument the Parties do not release any claims against any other person or entity. 8. Effect of Agreement. This Agreement constitutes the complete agreement between the Parties. All material representations, understandings, and promises of the Parties are contained in this Agreement. Any modifications to this Agreement must be in writing and signed by both Parties. 9. Execution of Agreement and Effective Date. The Agreement shall become effective (i.e., final and binding) on the date of signing of this Agreement and the CAP by the last signatory (“Effective Date”). 10. Tolling of Statute of Limitations. Pursuant to 42 U.S.C. § 1320a-7a(c)(1), a civil money penalty (“CMP”) must be imposed within six years from the date of the occurrence of the violation. To ensure that this six-year period does not expire during the term of this Agreement, the Covered Entity agrees that the time between the Effective Date of this Agreement and the date this Agreement may be terminated by reason of the Covered Entity’s breach, plus one-year thereafter, will not be included in calculating the six (6) year statute of limitations applicable to the violations which are the subject of this Agreement. The Covered Entity waives and will not plead any statute of limitations, laches, or similar defenses to any actions for the Covered Conduct specified in paragraph I.2. that is filed by HHS within the time period above, except to the extent that such defenses would have been available had an administrative action been filed on the Effective Date of this Agreement. 11. Disclosure. HHS places no restriction on the publication of the Agreement. This Agreement and information related to this Agreement may be made public by either party. In addition, HHS may be required to disclose this Agreement and related material to any person upon request consistent with the applicable provisions of the Freedom of Information Act, 5 U.S.C. § 552, and its implementing regulations, 45 C.F.R. Part 5. 12. Execution in Counterparts. This Agreement may be executed in counterparts, each of which constitutes an original, and all of which shall constitute one and the same agreement. 13. Authorizations. The individual(s) signing this Agreement on behalf of the Covered Entity represents and warrants that it agreed to be bound by the terms of this Agreement and that he/she is authorized to execute this Agreement. The individual signing this Agreement 3
on behalf of HHS represents and warrants that he is signing this Agreement in his official capacity and that he is authorized to execute this Agreement. For Adult & Pediatric Dermatology, P.C. - // - December 24, 2013 Glenn Smith Chief Operating Officer Date For the United States Department of Health and Human Services - // Peter K. Chan Regional Manager, Region I Office for Civil Rights December 24, 2013 Date 4
Appendix A CORRECTIVE ACTION PLAN BETWEEN THE DEPARTMENT OF HEALTH AND HUMAN SERVICES AND ADULT & PEDIATRIC DERMATOLOGY, P.C. I. Preamble Adult & Pediatric Dermatology, P.C. (“the Covered Entity”), hereby enters into this Corrective Action Plan (“CAP”) with the United States Department of Health and Human Services, Office for Civil Rights (“HHS” or “OCR”). Contemporaneously with this CAP, the Covered Entity is entering into a Resolution Agreement (“Agreement”) with HHS, and this CAP is incorporated by reference into the Agreement as Appendix A. The Covered Entity enters into this CAP as part of the consideration for the release in paragraph II.3. of the Agreement. II. Contact Persons and Submissions A. Contact Persons The Covered Entity has identified the following individual as its authorized representative and contact person regarding the implementation of this CAP and for receipt and submission of notifications and reports: Glenn Smith Chief Operating Officer Adult & Pediatric Dermatology 1620 Sudbury Road Concord, MA 01742 HHS has identified the following individual as its contact person with whom the Covered Entity is to report information regarding the implementation of this CAP: Ms. Susan Rhodes, Deputy Regional Manager Office for Civil Rights, Region I Department of Health and Human Services JFK Federal Building, Room 1875 Boston, MA 02203 Susan.Rhodes@hhs.gov Telephone: 617-565-1347 Facsimile: 617-565-3809 1
The Covered Entity and HHS agree to promptly notify each other of any changes in the contact persons or the other information provided above. B. Proof of Submissions. Unless otherwise specified, all notifications and reports required by this CAP may be made by any means, including certified mail, overnight mail, or hand delivery, provided that there is proof that such notification was received. For purposes of this requirement, internal facsimile confirmation sheets do not constitute proof of receipt. III. Effective Date and Term of CAP The Effective Date of this CAP shall be calculated in accordance with paragraph II.9 of the Agreement (“Effective Date”). The period for compliance with the obligations assumed by the Covered Entity under this CAP shall begin on the Effective Date of this CAP and end on the date OCR approves the Implementation Report specified at paragraph VI (“Compliance Term”). Except that after the Compliance Term ends, the Covered Entity shall still be obligated to comply with the document retention requirement in section VII. IV. Time In computing any period of time prescribed or allowed by this CAP, the day of the act, event, or default from which the designated period of time begins to run shall not be included. The last day of the period so computed shall be included, unless it is a Saturday, a Sunday, or a legal holiday, in which event the period runs until the end of the next day that is not one of the aforementioned days. V. Corrective Action Obligations The Covered Entity agrees to the following: A. Security Management Process 1. Within one year following the Effective Date the Covered Entity shall conduct a comprehensive, organizational-wide risk analysis of the ePHI security risks and vulnerabilities that incorporates all of the Covered Entity’s electronic media and systems. 2. The Covered Entity shall develop a risk management plan to address and mitigate any security risks and vulnerabilities following the risk analysis specified in paragraph V.A.1 and, if necessary, revise its present policies and procedures. The risk analysis, risk management plan and any revised policies and procedures shall be forwarded to OCR for review and approval within 60 days of the date the Covered Entity completes the risk management plan. OCR shall approve or, if necessary, require revisions to the Covered Entity’s risk analysis, risk management plan and any policies and procedures specified above in paragraphs V.A.1 and V.A.2. 3. Upon receiving OCR’s notice of required revisions, if any, the Covered Entity shall have 30 days to incorporate the required revisions and provide the revised risk management plan or policies and procedures to OCR for review and approval. If revisions to the Covered Entity’s policies and procedures are required, the Covered Entity shall implement, 2
distribute, and train all appropriate staff members on the revised policies and procedures within 30 calendar days of OCR’s approval, in accordance with its applicable administrative procedures for training. B. Reportable Events 1. During the Compliance Term, the Covered Entity shall, upon receiving information that a workforce member may have failed to comply with any provision of its Privacy, Security, and Breach Notification policies and procedures, promptly investigate the matter. If the Covered Entity, after review and investigation, determines that a member of its workforce has failed to comply with a provision of its Privacy, Security, and Breach Notification policies and procedures, the Covered Entity shall notify OCR in writing within thirty (30) days. Such violations shall be known as “Reportable Events.” The report to OCR shall include the following: a. A complete description of the event, including relevant facts, the persons involved, and the implicated provision(s) of the Covered Entity’s Privacy, Security, and Breach Notification policies and procedures; and b. A description of actions taken and any further steps the Covered Entity plans to take to address the matter, to mitigate the harm, and to prevent it from recurring, including the application of appropriate sanctions against workforce members who failed to comply with its Privacy, Security, and Breach Notification policies and procedures. 2. If no Reportable Events occur during the Compliance Term, the Covered Entity shall advise OCR of this fact in the Implementation Report. VI. IMPLEMENTATION REPORT A. Within 60 days after receiving OCR’s approval of the risk analysis, risk management plan and any revised policies and procedures consistent with paragraph V.A.3, the Covered Entity shall submit a written report to OCR for review and approval (“Implementation Report”). The Implementation Report shall include: 1. An explanation of how the Covered Entity implemented its security management process consistent with paragraphs V.A.1, V.A.2, and V.A.3 above, focusing specifically on how The Covered Entity determined whether its policies and procedures should be revised based on the risks and vulnerabilities identified in the risk analysis. 2. If revisions to the Covered Entity’s policies and procedures were necessary, an attestation signed by an officer of the Covered Entity attesting that any revised policies and procedures have been fully implemented and distributed to all appropriate members of the workforce consistent with the requirements in paragraph V.A.3; 3
3. If revisions to the Covered Entity’s policies and procedures were necessary, an attestation signed by an officer of the Covered Entity attesting that all appropriate members of the workforce have completed training on any revised policies and procedures consistent with the requirements in paragraph V.A.3; 4. A summary of Reportable Events and the status of any corrective and preventative action(s) relating to all such Reportable Events. 5. An attestation signed by an officer of the Covered Entity stating that he or she has reviewed the Implementation Report, has made a reasonable inquiry regarding its content and believes that, upon such inquiry, the information is accurate and truthful. VII. Document Retention The Covered Entity shall maintain for inspection and copying all documents and records relating to compliance with this CAP for 3 years from the Effective Date. VIII. Breach Provisions The Covered Entity is expected to fully and timely comply with all provisions contained in this CAP. A. Timely Written Requests for Extensions. The Covered Entity may, in advance of any due date in this CAP, submit a timely written request for an extension of time to perform any act required by this CAP. A “timely written request” is defined as a request in writing received by HHS at least 5 days prior to the date such an act is required or due to be performed. B. Notice of Breach and Intent to Impose CMP. The Parties agree that a breach of this CAP by the Covered Entity constitutes a breach of the Agreement. Upon a determination by HHS that The Covered Entity has breached this CAP, HHS may notify the Covered Entity of (1) the Covered Entity’s breach; and (2) HHS’ intent to impose a civil monetary penalty (CMP), pursuant to 45 C.F.R. Part 160, for the Covered Conduct in paragraph I.2. of the Agreement and for any other conduct that constitutes a violation of the HIPAA Privacy, Security, and Breach Notification Rules (“Notice of Breach and Intent to Impose CMP”). C. The Covered Entity Response. The Covered Entity shall have 30 days from the date of receipt of the Notice of Breach and Intent to Impose CMP to demonstrate to HHS’ satisfaction that: 1. the Covered Entity is in compliance with the obligations of this CAP that HHS cited as the basis for the breach; 2. the alleged breach has been cured; or 3. the alleged breach cannot be cured within the 30-day period, but that: (a) the Covered Entity has begun to take action to cure the breach; (b) the Covered Entity is 4
pursuing such action with due diligence; and (c) the Covered Entity has provided to HHS a reasonable timetable for curing the breach. D. Imposition of CMP. If at the conclusion of the 30-day period, the Covered Entity fails to meet the requirements of section VIII.C. to HHS’ satisfaction, HHS may proceed with the imposition of the CMP against the Covered Entity pursuant to 45 C.F.R. Part 160 for any violations of the Privacy, Security, and Breach Notification Rules for the Covered Conduct in paragraph I.2. of the Agreement and for any other act or failure to act that constitutes a violation of the HIPAA Privacy, Security and Breach Notification Rules. HHS shall notify the Covered Entity in writing of its determination to proceed with the imposition of a CMP. For Adult & Pediatric Dermatology, P.C. Glenn Smith Chief Operating Officer Date For the United States Department of Health and Human Services Peter K. Chan Regional Manager, Region I Office for Civil Rights Date 5

Recomendados

DHHS OCR data breach resolution agreement
DHHS OCR data breach resolution agreementDHHS OCR data breach resolution agreement
DHHS OCR data breach resolution agreementDavid Sweigert
 
Qca agreement
Qca agreementQca agreement
Qca agreementdata brackets
 
HIPAA Security Rule consent agreement with OCR
HIPAA Security Rule consent agreement with OCRHIPAA Security Rule consent agreement with OCR
HIPAA Security Rule consent agreement with OCRDavid Sweigert
 
Shasta agreement
Shasta agreementShasta agreement
Shasta agreementdata brackets
 
Cancer Care Group HIPAA Settlement Agreement
Cancer Care Group HIPAA Settlement AgreementCancer Care Group HIPAA Settlement Agreement
Cancer Care Group HIPAA Settlement Agreementdata brackets
 
Oregon Health & Science University HIPAA Fines
Oregon Health & Science University HIPAA FinesOregon Health & Science University HIPAA Fines
Oregon Health & Science University HIPAA Finesdata brackets
 
Catholic Health Care Services Resolution Agreement and Corrective Action Plan
Catholic Health Care Services Resolution Agreement and Corrective Action PlanCatholic Health Care Services Resolution Agreement and Corrective Action Plan
Catholic Health Care Services Resolution Agreement and Corrective Action PlanAlex Slaney
 
Affinity agreement
Affinity agreementAffinity agreement
Affinity agreementdata brackets
 

Recomendados

DHHS OCR data breach resolution agreement
DHHS OCR data breach resolution agreementDHHS OCR data breach resolution agreement
DHHS OCR data breach resolution agreementDavid Sweigert
 
Qca agreement
Qca agreementQca agreement
Qca agreementdata brackets
 
HIPAA Security Rule consent agreement with OCR
HIPAA Security Rule consent agreement with OCRHIPAA Security Rule consent agreement with OCR
HIPAA Security Rule consent agreement with OCRDavid Sweigert
 
Shasta agreement
Shasta agreementShasta agreement
Shasta agreementdata brackets
 
Cancer Care Group HIPAA Settlement Agreement
Cancer Care Group HIPAA Settlement AgreementCancer Care Group HIPAA Settlement Agreement
Cancer Care Group HIPAA Settlement Agreementdata brackets
 
Oregon Health & Science University HIPAA Fines
Oregon Health & Science University HIPAA FinesOregon Health & Science University HIPAA Fines
Oregon Health & Science University HIPAA Finesdata brackets
 
Catholic Health Care Services Resolution Agreement and Corrective Action Plan
Catholic Health Care Services Resolution Agreement and Corrective Action PlanCatholic Health Care Services Resolution Agreement and Corrective Action Plan
Catholic Health Care Services Resolution Agreement and Corrective Action PlanAlex Slaney
 
Affinity agreement
Affinity agreementAffinity agreement
Affinity agreementdata brackets
 
North memorial ra and cap march 2016 (508)
North memorial ra and cap march 2016 (508)North memorial ra and cap march 2016 (508)
North memorial ra and cap march 2016 (508)Alex Slaney
 
HONI HIPAA Breach Resolution Agreement
HONI HIPAA Breach Resolution AgreementHONI HIPAA Breach Resolution Agreement
HONI HIPAA Breach Resolution Agreementdata brackets
 
Concentra agreement
Concentra agreementConcentra agreement
Concentra agreementdata brackets
 
Raleigh Orthopedic RA and CAP April 2016
Raleigh Orthopedic RA and CAP April 2016Raleigh Orthopedic RA and CAP April 2016
Raleigh Orthopedic RA and CAP April 2016Alex Slaney
 
Presence Health Resolution Agreement with OCR
Presence Health Resolution Agreement with OCRPresence Health Resolution Agreement with OCR
Presence Health Resolution Agreement with OCRdata brackets
 
NYP RA and CAP april 2016
NYP RA and CAP april 2016 NYP RA and CAP april 2016
NYP RA and CAP april 2016 data brackets
 
Parkview HIPAA Settlement - Resolution Agreement
Parkview HIPAA Settlement - Resolution AgreementParkview HIPAA Settlement - Resolution Agreement
Parkview HIPAA Settlement - Resolution Agreementdata brackets
 
HIPAA Settlement New York Presbyterian and Columbia Universtiy
HIPAA Settlement New York Presbyterian and Columbia UniverstiyHIPAA Settlement New York Presbyterian and Columbia Universtiy
HIPAA Settlement New York Presbyterian and Columbia Universtiydata brackets
 
Skagit county- HIPAA violation settlement agreement with HHS
Skagit county- HIPAA violation settlement agreement with HHSSkagit county- HIPAA violation settlement agreement with HHS
Skagit county- HIPAA violation settlement agreement with HHSdata brackets
 
Oakland Housing Authority Legal Services Contract For General Counsel This
Oakland Housing Authority Legal Services Contract For General Counsel ThisOakland Housing Authority Legal Services Contract For General Counsel This
Oakland Housing Authority Legal Services Contract For General Counsel Thislegal3
 
Michele Isaak - Insolvent Estates
Michele Isaak - Insolvent EstatesMichele Isaak - Insolvent Estates
Michele Isaak - Insolvent EstatesEstate Planning Council of Abbotsford
 
Understanding New York No Fault
Understanding New York No FaultUnderstanding New York No Fault
Understanding New York No Faultmccormick
 
CGL Coverage Form -- Coverage A (from FC&S Legal: The Insurance Coverage Law ...
CGL Coverage Form -- Coverage A (from FC&S Legal: The Insurance Coverage Law ...CGL Coverage Form -- Coverage A (from FC&S Legal: The Insurance Coverage Law ...
CGL Coverage Form -- Coverage A (from FC&S Legal: The Insurance Coverage Law ...NationalUnderwriter
 
Cancellation of removal in immigration court
Cancellation of removal in immigration courtCancellation of removal in immigration court
Cancellation of removal in immigration courtUmesh Heendeniya
 
2013 mutual aid_city_of_mc_kinney_fire_department_and_collin_county
2013 mutual aid_city_of_mc_kinney_fire_department_and_collin_county2013 mutual aid_city_of_mc_kinney_fire_department_and_collin_county
2013 mutual aid_city_of_mc_kinney_fire_department_and_collin_countyrath4thekids
 
Tools for Financing Brownfields - Corrective Action Plan
Tools for Financing Brownfields - Corrective Action PlanTools for Financing Brownfields - Corrective Action Plan
Tools for Financing Brownfields - Corrective Action PlanDouglass Selby
 
New Roles of Human Resources
New Roles of Human ResourcesNew Roles of Human Resources
New Roles of Human ResourcesMaryrose Amparo
 
Closed Loop Corrective Action
Closed Loop Corrective ActionClosed Loop Corrective Action
Closed Loop Corrective ActionLee Hanxue
 
CAPA Training Presentation
CAPA Training PresentationCAPA Training Presentation
CAPA Training PresentationNancy Watts
 
Kpo Market Analysis In India
Kpo Market Analysis In IndiaKpo Market Analysis In India
Kpo Market Analysis In IndiaPreeti Anand
 
Slideshare.Com Powerpoint
Slideshare.Com PowerpointSlideshare.Com Powerpoint
Slideshare.Com Powerpointguested929b
 
HIPAA Violation Fines: North memorial Hospistal Settlement
HIPAA Violation Fines: North memorial Hospistal Settlement HIPAA Violation Fines: North memorial Hospistal Settlement
HIPAA Violation Fines: North memorial Hospistal Settlement data brackets
 

Mais conteúdo relacionado

Mais procurados

North memorial ra and cap march 2016 (508)
North memorial ra and cap march 2016 (508)North memorial ra and cap march 2016 (508)
North memorial ra and cap march 2016 (508)Alex Slaney
 
HONI HIPAA Breach Resolution Agreement
HONI HIPAA Breach Resolution AgreementHONI HIPAA Breach Resolution Agreement
HONI HIPAA Breach Resolution Agreementdata brackets
 
Raleigh Orthopedic RA and CAP April 2016
Raleigh Orthopedic RA and CAP April 2016Raleigh Orthopedic RA and CAP April 2016
Raleigh Orthopedic RA and CAP April 2016Alex Slaney
 
Presence Health Resolution Agreement with OCR
Presence Health Resolution Agreement with OCRPresence Health Resolution Agreement with OCR
Presence Health Resolution Agreement with OCRdata brackets
 
NYP RA and CAP april 2016
NYP RA and CAP april 2016 NYP RA and CAP april 2016
NYP RA and CAP april 2016 data brackets
 
Parkview HIPAA Settlement - Resolution Agreement
Parkview HIPAA Settlement - Resolution AgreementParkview HIPAA Settlement - Resolution Agreement
Parkview HIPAA Settlement - Resolution Agreementdata brackets
 
HIPAA Settlement New York Presbyterian and Columbia Universtiy
HIPAA Settlement New York Presbyterian and Columbia UniverstiyHIPAA Settlement New York Presbyterian and Columbia Universtiy
HIPAA Settlement New York Presbyterian and Columbia Universtiydata brackets
 
Skagit county- HIPAA violation settlement agreement with HHS
Skagit county- HIPAA violation settlement agreement with HHSSkagit county- HIPAA violation settlement agreement with HHS
Skagit county- HIPAA violation settlement agreement with HHSdata brackets
 
Oakland Housing Authority Legal Services Contract For General Counsel This
Oakland Housing Authority Legal Services Contract For General Counsel ThisOakland Housing Authority Legal Services Contract For General Counsel This
Oakland Housing Authority Legal Services Contract For General Counsel Thislegal3
 
Understanding New York No Fault
Understanding New York No FaultUnderstanding New York No Fault
Understanding New York No Faultmccormick
 
CGL Coverage Form -- Coverage A (from FC&S Legal: The Insurance Coverage Law ...
CGL Coverage Form -- Coverage A (from FC&S Legal: The Insurance Coverage Law ...CGL Coverage Form -- Coverage A (from FC&S Legal: The Insurance Coverage Law ...
CGL Coverage Form -- Coverage A (from FC&S Legal: The Insurance Coverage Law ...NationalUnderwriter
 
Cancellation of removal in immigration court
Cancellation of removal in immigration courtCancellation of removal in immigration court
Cancellation of removal in immigration courtUmesh Heendeniya
 
2013 mutual aid_city_of_mc_kinney_fire_department_and_collin_county
2013 mutual aid_city_of_mc_kinney_fire_department_and_collin_county2013 mutual aid_city_of_mc_kinney_fire_department_and_collin_county
2013 mutual aid_city_of_mc_kinney_fire_department_and_collin_countyrath4thekids
 

Mais procurados (15)

North memorial ra and cap march 2016 (508)
North memorial ra and cap march 2016 (508)North memorial ra and cap march 2016 (508)
North memorial ra and cap march 2016 (508)
 
HONI HIPAA Breach Resolution Agreement
HONI HIPAA Breach Resolution AgreementHONI HIPAA Breach Resolution Agreement
HONI HIPAA Breach Resolution Agreement
 
Concentra agreement
Concentra agreementConcentra agreement
Concentra agreement
 
Raleigh Orthopedic RA and CAP April 2016
Raleigh Orthopedic RA and CAP April 2016Raleigh Orthopedic RA and CAP April 2016
Raleigh Orthopedic RA and CAP April 2016
 
Presence Health Resolution Agreement with OCR
Presence Health Resolution Agreement with OCRPresence Health Resolution Agreement with OCR
Presence Health Resolution Agreement with OCR
 
NYP RA and CAP april 2016
NYP RA and CAP april 2016 NYP RA and CAP april 2016
NYP RA and CAP april 2016
 
Parkview HIPAA Settlement - Resolution Agreement
Parkview HIPAA Settlement - Resolution AgreementParkview HIPAA Settlement - Resolution Agreement
Parkview HIPAA Settlement - Resolution Agreement
 
HIPAA Settlement New York Presbyterian and Columbia Universtiy
HIPAA Settlement New York Presbyterian and Columbia UniverstiyHIPAA Settlement New York Presbyterian and Columbia Universtiy
HIPAA Settlement New York Presbyterian and Columbia Universtiy
 
Skagit county- HIPAA violation settlement agreement with HHS
Skagit county- HIPAA violation settlement agreement with HHSSkagit county- HIPAA violation settlement agreement with HHS
Skagit county- HIPAA violation settlement agreement with HHS
 
Oakland Housing Authority Legal Services Contract For General Counsel This
Oakland Housing Authority Legal Services Contract For General Counsel ThisOakland Housing Authority Legal Services Contract For General Counsel This
Oakland Housing Authority Legal Services Contract For General Counsel This
 
Michele Isaak - Insolvent Estates
Michele Isaak - Insolvent EstatesMichele Isaak - Insolvent Estates
Michele Isaak - Insolvent Estates
 
Understanding New York No Fault
Understanding New York No FaultUnderstanding New York No Fault
Understanding New York No Fault
 
CGL Coverage Form -- Coverage A (from FC&S Legal: The Insurance Coverage Law ...
CGL Coverage Form -- Coverage A (from FC&S Legal: The Insurance Coverage Law ...CGL Coverage Form -- Coverage A (from FC&S Legal: The Insurance Coverage Law ...
CGL Coverage Form -- Coverage A (from FC&S Legal: The Insurance Coverage Law ...
 
Cancellation of removal in immigration court
Cancellation of removal in immigration courtCancellation of removal in immigration court
Cancellation of removal in immigration court
 
2013 mutual aid_city_of_mc_kinney_fire_department_and_collin_county
2013 mutual aid_city_of_mc_kinney_fire_department_and_collin_county2013 mutual aid_city_of_mc_kinney_fire_department_and_collin_county
2013 mutual aid_city_of_mc_kinney_fire_department_and_collin_county
 

Destaque

Tools for Financing Brownfields - Corrective Action Plan
Tools for Financing Brownfields - Corrective Action PlanTools for Financing Brownfields - Corrective Action Plan
Tools for Financing Brownfields - Corrective Action PlanDouglass Selby
 
New Roles of Human Resources
New Roles of Human ResourcesNew Roles of Human Resources
New Roles of Human ResourcesMaryrose Amparo
 
Closed Loop Corrective Action
Closed Loop Corrective ActionClosed Loop Corrective Action
Closed Loop Corrective ActionLee Hanxue
 
CAPA Training Presentation
CAPA Training PresentationCAPA Training Presentation
CAPA Training PresentationNancy Watts
 
Kpo Market Analysis In India
Kpo Market Analysis In IndiaKpo Market Analysis In India
Kpo Market Analysis In IndiaPreeti Anand
 
Slideshare.Com Powerpoint
Slideshare.Com PowerpointSlideshare.Com Powerpoint
Slideshare.Com Powerpointguested929b
 

Destaque (6)

Tools for Financing Brownfields - Corrective Action Plan
Tools for Financing Brownfields - Corrective Action PlanTools for Financing Brownfields - Corrective Action Plan
Tools for Financing Brownfields - Corrective Action Plan
 
New Roles of Human Resources
New Roles of Human ResourcesNew Roles of Human Resources
New Roles of Human Resources
 
Closed Loop Corrective Action
Closed Loop Corrective ActionClosed Loop Corrective Action
Closed Loop Corrective Action
 
CAPA Training Presentation
CAPA Training PresentationCAPA Training Presentation
CAPA Training Presentation
 
Kpo Market Analysis In India
Kpo Market Analysis In IndiaKpo Market Analysis In India
Kpo Market Analysis In India
 
Slideshare.Com Powerpoint
Slideshare.Com PowerpointSlideshare.Com Powerpoint
Slideshare.Com Powerpoint
 

Semelhante a Adult & Pediatric Dermatology, Corrective Action Plan

HIPAA Violation Fines: North memorial Hospistal Settlement
HIPAA Violation Fines: North memorial Hospistal Settlement HIPAA Violation Fines: North memorial Hospistal Settlement
HIPAA Violation Fines: North memorial Hospistal Settlement data brackets
 
North memorial resolution agreement
North memorial resolution agreementNorth memorial resolution agreement
North memorial resolution agreementAlex Slaney
 
NYP RA and Cap april 2016
NYP RA and Cap april 2016 NYP RA and Cap april 2016
NYP RA and Cap april 2016 data brackets
 
Catholic Health Care Services Resolution Agreement
Catholic Health Care Services Resolution Agreement Catholic Health Care Services Resolution Agreement
Catholic Health Care Services Resolution Agreement data brackets
 
Raleigh Orthopedic RA and CAP April 2016
Raleigh Orthopedic RA and CAP April 2016Raleigh Orthopedic RA and CAP April 2016
Raleigh Orthopedic RA and CAP April 2016data brackets
 
First HIPAA enforcement action for lack of timely breach notification settles...
First HIPAA enforcement action for lack of timely breach notification settles...First HIPAA enforcement action for lack of timely breach notification settles...
First HIPAA enforcement action for lack of timely breach notification settles...David Sweigert
 
Item # 10 Catto & Catto to HUB Insurance Broker Assignment
Item # 10 Catto & Catto to HUB Insurance Broker AssignmentItem # 10 Catto & Catto to HUB Insurance Broker Assignment
Item # 10 Catto & Catto to HUB Insurance Broker Assignmentahcitycouncil
 
Massachusetts Eye and Ear Infirmary HIPAA Violation
Massachusetts Eye and Ear Infirmary HIPAA ViolationMassachusetts Eye and Ear Infirmary HIPAA Violation
Massachusetts Eye and Ear Infirmary HIPAA Violationdata brackets
 
Mediation Order New England Compounding Pharmacy
Mediation Order New England Compounding Pharmacy Mediation Order New England Compounding Pharmacy
Mediation Order New England Compounding Pharmacy mzamoralaw
 
FILLABLE Bilateral TEMPLATE PARXTC Strategic Alliance Coalition MoU v20220301
FILLABLE Bilateral TEMPLATE PARXTC Strategic Alliance Coalition MoU v20220301FILLABLE Bilateral TEMPLATE PARXTC Strategic Alliance Coalition MoU v20220301
FILLABLE Bilateral TEMPLATE PARXTC Strategic Alliance Coalition MoU v20220301Andrew Networks
 
FCS 3450 HOMEWORK #41.Thomas Franklin arrived at the following t.docx
FCS 3450 HOMEWORK #41.Thomas Franklin arrived at the following t.docxFCS 3450 HOMEWORK #41.Thomas Franklin arrived at the following t.docx
FCS 3450 HOMEWORK #41.Thomas Franklin arrived at the following t.docxmydrynan
 
17 stipulation to dismiss with prejudice and order
17 stipulation to dismiss with prejudice and order17 stipulation to dismiss with prejudice and order
17 stipulation to dismiss with prejudice and orderHonolulu Civil Beat
 
FILLABLE Bilateral TEMPLATE PARXTC Strategic Alliance Coalition MoU v20220424
FILLABLE Bilateral TEMPLATE PARXTC Strategic Alliance Coalition MoU v20220424FILLABLE Bilateral TEMPLATE PARXTC Strategic Alliance Coalition MoU v20220424
FILLABLE Bilateral TEMPLATE PARXTC Strategic Alliance Coalition MoU v20220424Andrew Networks
 
Bussiness associate agreementba 100213173228-phpapp02
Bussiness associate agreementba 100213173228-phpapp02Bussiness associate agreementba 100213173228-phpapp02
Bussiness associate agreementba 100213173228-phpapp02Donald M. Kaesser
 
EasyNDA Mutual Non Disclosure Agreement printable_v1
EasyNDA Mutual Non Disclosure Agreement printable_v1EasyNDA Mutual Non Disclosure Agreement printable_v1
EasyNDA Mutual Non Disclosure Agreement printable_v1Crick Waters
 
IIAC Young Agents - Protecting Your Insureds\' Private Information
IIAC Young Agents - Protecting Your Insureds\' Private InformationIIAC Young Agents - Protecting Your Insureds\' Private Information
IIAC Young Agents - Protecting Your Insureds\' Private InformationJason Hoeppner
 
Mutual nda innoppl 2015
Mutual nda innoppl 2015Mutual nda innoppl 2015
Mutual nda innoppl 2015Nash Ogden
 
Startup Squad
Startup Squad Startup Squad
Startup Squad Nigel2k12
 

Semelhante a Adult & Pediatric Dermatology, Corrective Action Plan (20)

HIPAA Violation Fines: North memorial Hospistal Settlement
HIPAA Violation Fines: North memorial Hospistal Settlement HIPAA Violation Fines: North memorial Hospistal Settlement
HIPAA Violation Fines: North memorial Hospistal Settlement
 
North memorial resolution agreement
North memorial resolution agreementNorth memorial resolution agreement
North memorial resolution agreement
 
NYP RA and Cap april 2016
NYP RA and Cap april 2016 NYP RA and Cap april 2016
NYP RA and Cap april 2016
 
Catholic Health Care Services Resolution Agreement
Catholic Health Care Services Resolution Agreement Catholic Health Care Services Resolution Agreement
Catholic Health Care Services Resolution Agreement
 
Raleigh Orthopedic RA and CAP April 2016
Raleigh Orthopedic RA and CAP April 2016Raleigh Orthopedic RA and CAP April 2016
Raleigh Orthopedic RA and CAP April 2016
 
First HIPAA enforcement action for lack of timely breach notification settles...
First HIPAA enforcement action for lack of timely breach notification settles...First HIPAA enforcement action for lack of timely breach notification settles...
First HIPAA enforcement action for lack of timely breach notification settles...
 
Rokita Non-Disclosure Agreement
Rokita Non-Disclosure AgreementRokita Non-Disclosure Agreement
Rokita Non-Disclosure Agreement
 
Item # 10 Catto & Catto to HUB Insurance Broker Assignment
Item # 10 Catto & Catto to HUB Insurance Broker AssignmentItem # 10 Catto & Catto to HUB Insurance Broker Assignment
Item # 10 Catto & Catto to HUB Insurance Broker Assignment
 
Massachusetts Eye and Ear Infirmary HIPAA Violation
Massachusetts Eye and Ear Infirmary HIPAA ViolationMassachusetts Eye and Ear Infirmary HIPAA Violation
Massachusetts Eye and Ear Infirmary HIPAA Violation
 
Mediation Order New England Compounding Pharmacy
Mediation Order New England Compounding Pharmacy Mediation Order New England Compounding Pharmacy
Mediation Order New England Compounding Pharmacy
 
Acordo odebrecht-doj-merged
Acordo odebrecht-doj-mergedAcordo odebrecht-doj-merged
Acordo odebrecht-doj-merged
 
FILLABLE Bilateral TEMPLATE PARXTC Strategic Alliance Coalition MoU v20220301
FILLABLE Bilateral TEMPLATE PARXTC Strategic Alliance Coalition MoU v20220301FILLABLE Bilateral TEMPLATE PARXTC Strategic Alliance Coalition MoU v20220301
FILLABLE Bilateral TEMPLATE PARXTC Strategic Alliance Coalition MoU v20220301
 
FCS 3450 HOMEWORK #41.Thomas Franklin arrived at the following t.docx
FCS 3450 HOMEWORK #41.Thomas Franklin arrived at the following t.docxFCS 3450 HOMEWORK #41.Thomas Franklin arrived at the following t.docx
FCS 3450 HOMEWORK #41.Thomas Franklin arrived at the following t.docx
 
17 stipulation to dismiss with prejudice and order
17 stipulation to dismiss with prejudice and order17 stipulation to dismiss with prejudice and order
17 stipulation to dismiss with prejudice and order
 
FILLABLE Bilateral TEMPLATE PARXTC Strategic Alliance Coalition MoU v20220424
FILLABLE Bilateral TEMPLATE PARXTC Strategic Alliance Coalition MoU v20220424FILLABLE Bilateral TEMPLATE PARXTC Strategic Alliance Coalition MoU v20220424
FILLABLE Bilateral TEMPLATE PARXTC Strategic Alliance Coalition MoU v20220424
 
Bussiness associate agreementba 100213173228-phpapp02
Bussiness associate agreementba 100213173228-phpapp02Bussiness associate agreementba 100213173228-phpapp02
Bussiness associate agreementba 100213173228-phpapp02
 
EasyNDA Mutual Non Disclosure Agreement printable_v1
EasyNDA Mutual Non Disclosure Agreement printable_v1EasyNDA Mutual Non Disclosure Agreement printable_v1
EasyNDA Mutual Non Disclosure Agreement printable_v1
 
IIAC Young Agents - Protecting Your Insureds\' Private Information
IIAC Young Agents - Protecting Your Insureds\' Private InformationIIAC Young Agents - Protecting Your Insureds\' Private Information
IIAC Young Agents - Protecting Your Insureds\' Private Information
 
Mutual nda innoppl 2015
Mutual nda innoppl 2015Mutual nda innoppl 2015
Mutual nda innoppl 2015
 
Startup Squad
Startup Squad Startup Squad
Startup Squad
 

Mais de data brackets

Prepayment Audit Suggested Documentation
Prepayment Audit Suggested DocumentationPrepayment Audit Suggested Documentation
Prepayment Audit Suggested Documentationdata brackets
 
Lincare HIPAA remediated decision by administrative judge
Lincare HIPAA remediated decision by administrative judgeLincare HIPAA remediated decision by administrative judge
Lincare HIPAA remediated decision by administrative judgedata brackets
 
Lincare HIPAA Notice of Proposed Determination remediated
Lincare HIPAA Notice of Proposed Determination remediatedLincare HIPAA Notice of Proposed Determination remediated
Lincare HIPAA Notice of Proposed Determination remediateddata brackets
 
Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and ...
Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and ...Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and ...
Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and ...data brackets
 
Office of Inspector General Study on OCR's HIPAA audit program
Office of Inspector General Study on OCR's HIPAA audit programOffice of Inspector General Study on OCR's HIPAA audit program
Office of Inspector General Study on OCR's HIPAA audit programdata brackets
 
EHR meaningful use security risk assessment sample document
EHR meaningful use security risk assessment sample documentEHR meaningful use security risk assessment sample document
EHR meaningful use security risk assessment sample documentdata brackets
 
OCR HHS HIPAA HITECH Audit Advisory Template
OCR HHS HIPAA HITECH Audit Advisory TemplateOCR HHS HIPAA HITECH Audit Advisory Template
OCR HHS HIPAA HITECH Audit Advisory Templatedata brackets
 
HIPAA HITECH Compliance Assurance Template
HIPAA HITECH Compliance Assurance TemplateHIPAA HITECH Compliance Assurance Template
HIPAA HITECH Compliance Assurance Templatedata brackets
 
Trends and Career Opportunities in Health IT
Trends and Career Opportunities in Health ITTrends and Career Opportunities in Health IT
Trends and Career Opportunities in Health ITdata brackets
 
Mobile devices and applications in healthcare: Security and Compliance Risks
Mobile devices and applications in healthcare: Security and Compliance RisksMobile devices and applications in healthcare: Security and Compliance Risks
Mobile devices and applications in healthcare: Security and Compliance Risksdata brackets
 
Business Associate Assurance: What Covered Entities Need to Know
Business Associate Assurance: What Covered Entities Need to KnowBusiness Associate Assurance: What Covered Entities Need to Know
Business Associate Assurance: What Covered Entities Need to Knowdata brackets
 
Social Media Compliance for Healthcare Professionals
Social Media Compliance for Healthcare ProfessionalsSocial Media Compliance for Healthcare Professionals
Social Media Compliance for Healthcare Professionalsdata brackets
 
HIPAA HiTech Security Assessment
HIPAA HiTech Security AssessmentHIPAA HiTech Security Assessment
HIPAA HiTech Security Assessmentdata brackets
 

Mais de data brackets (13)

Prepayment Audit Suggested Documentation
Prepayment Audit Suggested DocumentationPrepayment Audit Suggested Documentation
Prepayment Audit Suggested Documentation
 
Lincare HIPAA remediated decision by administrative judge
Lincare HIPAA remediated decision by administrative judgeLincare HIPAA remediated decision by administrative judge
Lincare HIPAA remediated decision by administrative judge
 
Lincare HIPAA Notice of Proposed Determination remediated
Lincare HIPAA Notice of Proposed Determination remediatedLincare HIPAA Notice of Proposed Determination remediated
Lincare HIPAA Notice of Proposed Determination remediated
 
Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and ...
Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and ...Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and ...
Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and ...
 
Office of Inspector General Study on OCR's HIPAA audit program
Office of Inspector General Study on OCR's HIPAA audit programOffice of Inspector General Study on OCR's HIPAA audit program
Office of Inspector General Study on OCR's HIPAA audit program
 
EHR meaningful use security risk assessment sample document
EHR meaningful use security risk assessment sample documentEHR meaningful use security risk assessment sample document
EHR meaningful use security risk assessment sample document
 
OCR HHS HIPAA HITECH Audit Advisory Template
OCR HHS HIPAA HITECH Audit Advisory TemplateOCR HHS HIPAA HITECH Audit Advisory Template
OCR HHS HIPAA HITECH Audit Advisory Template
 
HIPAA HITECH Compliance Assurance Template
HIPAA HITECH Compliance Assurance TemplateHIPAA HITECH Compliance Assurance Template
HIPAA HITECH Compliance Assurance Template
 
Trends and Career Opportunities in Health IT
Trends and Career Opportunities in Health ITTrends and Career Opportunities in Health IT
Trends and Career Opportunities in Health IT
 
Mobile devices and applications in healthcare: Security and Compliance Risks
Mobile devices and applications in healthcare: Security and Compliance RisksMobile devices and applications in healthcare: Security and Compliance Risks
Mobile devices and applications in healthcare: Security and Compliance Risks
 
Business Associate Assurance: What Covered Entities Need to Know
Business Associate Assurance: What Covered Entities Need to KnowBusiness Associate Assurance: What Covered Entities Need to Know
Business Associate Assurance: What Covered Entities Need to Know
 
Social Media Compliance for Healthcare Professionals
Social Media Compliance for Healthcare ProfessionalsSocial Media Compliance for Healthcare Professionals
Social Media Compliance for Healthcare Professionals
 
HIPAA HiTech Security Assessment
HIPAA HiTech Security AssessmentHIPAA HiTech Security Assessment
HIPAA HiTech Security Assessment
 

Último

VIP Call Girls Mumbai Arpita 9910780858 Independent Escort Service Mumbai
VIP Call Girls Mumbai Arpita 9910780858 Independent Escort Service MumbaiVIP Call Girls Mumbai Arpita 9910780858 Independent Escort Service Mumbai
VIP Call Girls Mumbai Arpita 9910780858 Independent Escort Service Mumbaisonalikaur4
 
Pharmaceutical Marketting: Unit-5, Pricing
Pharmaceutical Marketting: Unit-5, PricingPharmaceutical Marketting: Unit-5, Pricing
Pharmaceutical Marketting: Unit-5, PricingArunagarwal328757
 
Call Girls Electronic City Just Call 7001305949 Top Class Call Girl Service A...
Call Girls Electronic City Just Call 7001305949 Top Class Call Girl Service A...Call Girls Electronic City Just Call 7001305949 Top Class Call Girl Service A...
Call Girls Electronic City Just Call 7001305949 Top Class Call Girl Service A...narwatsonia7
 
Asthma Review - GINA guidelines summary 2024
Asthma Review - GINA guidelines summary 2024Asthma Review - GINA guidelines summary 2024
Asthma Review - GINA guidelines summary 2024Gabriel Guevara MD
 
Call Girls Hsr Layout Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Hsr Layout Just Call 7001305949 Top Class Call Girl Service AvailableCall Girls Hsr Layout Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Hsr Layout Just Call 7001305949 Top Class Call Girl Service Availablenarwatsonia7
 
Russian Call Girls Chickpet - 7001305949 Booking and charges genuine rate for...
Russian Call Girls Chickpet - 7001305949 Booking and charges genuine rate for...Russian Call Girls Chickpet - 7001305949 Booking and charges genuine rate for...
Russian Call Girls Chickpet - 7001305949 Booking and charges genuine rate for...narwatsonia7
 
Call Girl Lucknow Mallika 7001305949 Independent Escort Service Lucknow
Call Girl Lucknow Mallika 7001305949 Independent Escort Service LucknowCall Girl Lucknow Mallika 7001305949 Independent Escort Service Lucknow
Call Girl Lucknow Mallika 7001305949 Independent Escort Service Lucknownarwatsonia7
 
Call Girl Koramangala | 7001305949 At Low Cost Cash Payment Booking
Call Girl Koramangala | 7001305949 At Low Cost Cash Payment BookingCall Girl Koramangala | 7001305949 At Low Cost Cash Payment Booking
Call Girl Koramangala | 7001305949 At Low Cost Cash Payment Bookingnarwatsonia7
 
Kolkata Call Girls Services 9907093804 @24x7 High Class Babes Here Call Now
Kolkata Call Girls Services 9907093804 @24x7 High Class Babes Here Call NowKolkata Call Girls Services 9907093804 @24x7 High Class Babes Here Call Now
Kolkata Call Girls Services 9907093804 @24x7 High Class Babes Here Call NowNehru place Escorts
 
Housewife Call Girls Hsr Layout - Call 7001305949 Rs-3500 with A/C Room Cash ...
Housewife Call Girls Hsr Layout - Call 7001305949 Rs-3500 with A/C Room Cash ...Housewife Call Girls Hsr Layout - Call 7001305949 Rs-3500 with A/C Room Cash ...
Housewife Call Girls Hsr Layout - Call 7001305949 Rs-3500 with A/C Room Cash ...narwatsonia7
 
Call Girls ITPL Just Call 7001305949 Top Class Call Girl Service Available
Call Girls ITPL Just Call 7001305949 Top Class Call Girl Service AvailableCall Girls ITPL Just Call 7001305949 Top Class Call Girl Service Available
Call Girls ITPL Just Call 7001305949 Top Class Call Girl Service Availablenarwatsonia7
 
Call Girls Service Noida Maya 9711199012 Independent Escort Service Noida
Call Girls Service Noida Maya 9711199012 Independent Escort Service NoidaCall Girls Service Noida Maya 9711199012 Independent Escort Service Noida
Call Girls Service Noida Maya 9711199012 Independent Escort Service NoidaPooja Gupta
 
Call Girls Kanakapura Road Just Call 7001305949 Top Class Call Girl Service A...
Call Girls Kanakapura Road Just Call 7001305949 Top Class Call Girl Service A...Call Girls Kanakapura Road Just Call 7001305949 Top Class Call Girl Service A...
Call Girls Kanakapura Road Just Call 7001305949 Top Class Call Girl Service A...narwatsonia7
 
Call Girl Surat Madhuri 7001305949 Independent Escort Service Surat
Call Girl Surat Madhuri 7001305949 Independent Escort Service SuratCall Girl Surat Madhuri 7001305949 Independent Escort Service Surat
Call Girl Surat Madhuri 7001305949 Independent Escort Service Suratnarwatsonia7
 
Book Call Girls in Kasavanahalli - 7001305949 with real photos and phone numbers
Book Call Girls in Kasavanahalli - 7001305949 with real photos and phone numbersBook Call Girls in Kasavanahalli - 7001305949 with real photos and phone numbers
Book Call Girls in Kasavanahalli - 7001305949 with real photos and phone numbersnarwatsonia7
 
Call Girls In Andheri East Call 9920874524 Book Hot And Sexy Girls
Call Girls In Andheri East Call 9920874524 Book Hot And Sexy GirlsCall Girls In Andheri East Call 9920874524 Book Hot And Sexy Girls
Call Girls In Andheri East Call 9920874524 Book Hot And Sexy Girlsnehamumbai
 
Book Call Girls in Yelahanka - For 7001305949 Cheap & Best with original Photos
Book Call Girls in Yelahanka - For 7001305949 Cheap & Best with original PhotosBook Call Girls in Yelahanka - For 7001305949 Cheap & Best with original Photos
Book Call Girls in Yelahanka - For 7001305949 Cheap & Best with original Photosnarwatsonia7
 
College Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort Service
College Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort ServiceCollege Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort Service
College Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort ServiceNehru place Escorts
 
Call Girls Viman Nagar 7001305949 All Area Service COD available Any Time
Call Girls Viman Nagar 7001305949 All Area Service COD available Any TimeCall Girls Viman Nagar 7001305949 All Area Service COD available Any Time
Call Girls Viman Nagar 7001305949 All Area Service COD available Any Timevijaych2041
 
Dwarka Sector 6 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few Cl...
Dwarka Sector 6 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few Cl...Dwarka Sector 6 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few Cl...
Dwarka Sector 6 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few Cl...rajnisinghkjn
 

Último (20)

VIP Call Girls Mumbai Arpita 9910780858 Independent Escort Service Mumbai
VIP Call Girls Mumbai Arpita 9910780858 Independent Escort Service MumbaiVIP Call Girls Mumbai Arpita 9910780858 Independent Escort Service Mumbai
VIP Call Girls Mumbai Arpita 9910780858 Independent Escort Service Mumbai
 
Pharmaceutical Marketting: Unit-5, Pricing
Pharmaceutical Marketting: Unit-5, PricingPharmaceutical Marketting: Unit-5, Pricing
Pharmaceutical Marketting: Unit-5, Pricing
 
Call Girls Electronic City Just Call 7001305949 Top Class Call Girl Service A...
Call Girls Electronic City Just Call 7001305949 Top Class Call Girl Service A...Call Girls Electronic City Just Call 7001305949 Top Class Call Girl Service A...
Call Girls Electronic City Just Call 7001305949 Top Class Call Girl Service A...
 
Asthma Review - GINA guidelines summary 2024
Asthma Review - GINA guidelines summary 2024Asthma Review - GINA guidelines summary 2024
Asthma Review - GINA guidelines summary 2024
 
Call Girls Hsr Layout Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Hsr Layout Just Call 7001305949 Top Class Call Girl Service AvailableCall Girls Hsr Layout Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Hsr Layout Just Call 7001305949 Top Class Call Girl Service Available
 
Russian Call Girls Chickpet - 7001305949 Booking and charges genuine rate for...
Russian Call Girls Chickpet - 7001305949 Booking and charges genuine rate for...Russian Call Girls Chickpet - 7001305949 Booking and charges genuine rate for...
Russian Call Girls Chickpet - 7001305949 Booking and charges genuine rate for...
 
Call Girl Lucknow Mallika 7001305949 Independent Escort Service Lucknow
Call Girl Lucknow Mallika 7001305949 Independent Escort Service LucknowCall Girl Lucknow Mallika 7001305949 Independent Escort Service Lucknow
Call Girl Lucknow Mallika 7001305949 Independent Escort Service Lucknow
 
Call Girl Koramangala | 7001305949 At Low Cost Cash Payment Booking
Call Girl Koramangala | 7001305949 At Low Cost Cash Payment BookingCall Girl Koramangala | 7001305949 At Low Cost Cash Payment Booking
Call Girl Koramangala | 7001305949 At Low Cost Cash Payment Booking
 
Kolkata Call Girls Services 9907093804 @24x7 High Class Babes Here Call Now
Kolkata Call Girls Services 9907093804 @24x7 High Class Babes Here Call NowKolkata Call Girls Services 9907093804 @24x7 High Class Babes Here Call Now
Kolkata Call Girls Services 9907093804 @24x7 High Class Babes Here Call Now
 
Housewife Call Girls Hsr Layout - Call 7001305949 Rs-3500 with A/C Room Cash ...
Housewife Call Girls Hsr Layout - Call 7001305949 Rs-3500 with A/C Room Cash ...Housewife Call Girls Hsr Layout - Call 7001305949 Rs-3500 with A/C Room Cash ...
Housewife Call Girls Hsr Layout - Call 7001305949 Rs-3500 with A/C Room Cash ...
 
Call Girls ITPL Just Call 7001305949 Top Class Call Girl Service Available
Call Girls ITPL Just Call 7001305949 Top Class Call Girl Service AvailableCall Girls ITPL Just Call 7001305949 Top Class Call Girl Service Available
Call Girls ITPL Just Call 7001305949 Top Class Call Girl Service Available
 
Call Girls Service Noida Maya 9711199012 Independent Escort Service Noida
Call Girls Service Noida Maya 9711199012 Independent Escort Service NoidaCall Girls Service Noida Maya 9711199012 Independent Escort Service Noida
Call Girls Service Noida Maya 9711199012 Independent Escort Service Noida
 
Call Girls Kanakapura Road Just Call 7001305949 Top Class Call Girl Service A...
Call Girls Kanakapura Road Just Call 7001305949 Top Class Call Girl Service A...Call Girls Kanakapura Road Just Call 7001305949 Top Class Call Girl Service A...
Call Girls Kanakapura Road Just Call 7001305949 Top Class Call Girl Service A...
 
Call Girl Surat Madhuri 7001305949 Independent Escort Service Surat
Call Girl Surat Madhuri 7001305949 Independent Escort Service SuratCall Girl Surat Madhuri 7001305949 Independent Escort Service Surat
Call Girl Surat Madhuri 7001305949 Independent Escort Service Surat
 
Book Call Girls in Kasavanahalli - 7001305949 with real photos and phone numbers
Book Call Girls in Kasavanahalli - 7001305949 with real photos and phone numbersBook Call Girls in Kasavanahalli - 7001305949 with real photos and phone numbers
Book Call Girls in Kasavanahalli - 7001305949 with real photos and phone numbers
 
Call Girls In Andheri East Call 9920874524 Book Hot And Sexy Girls
Call Girls In Andheri East Call 9920874524 Book Hot And Sexy GirlsCall Girls In Andheri East Call 9920874524 Book Hot And Sexy Girls
Call Girls In Andheri East Call 9920874524 Book Hot And Sexy Girls
 
Book Call Girls in Yelahanka - For 7001305949 Cheap & Best with original Photos
Book Call Girls in Yelahanka - For 7001305949 Cheap & Best with original PhotosBook Call Girls in Yelahanka - For 7001305949 Cheap & Best with original Photos
Book Call Girls in Yelahanka - For 7001305949 Cheap & Best with original Photos
 
College Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort Service
College Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort ServiceCollege Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort Service
College Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort Service
 
Call Girls Viman Nagar 7001305949 All Area Service COD available Any Time
Call Girls Viman Nagar 7001305949 All Area Service COD available Any TimeCall Girls Viman Nagar 7001305949 All Area Service COD available Any Time
Call Girls Viman Nagar 7001305949 All Area Service COD available Any Time
 
Dwarka Sector 6 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few Cl...
Dwarka Sector 6 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few Cl...Dwarka Sector 6 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few Cl...
Dwarka Sector 6 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few Cl...
 

Adult & Pediatric Dermatology, Corrective Action Plan

  • 1. RESOLUTION AGREEMENT I. Recitals 1. Parties. The Parties to this Resolution Agreement (“Agreement”) are: A. The United States Department of Health and Human Services, Office for Civil Rights (“HHS”), which enforces the Federal Standards for the Privacy of Individually Identifiable Health Information (45 C.F.R. Part 160 and Subparts A and E of Part 164, the “Privacy Rule”); the Security Standards for the Protection of Electronic Protected Health Information (45 C.F.R. Part 160 and Subparts A, and C of 45 C.F.R. Part 164, the “Security Rule”), and the Federal standards for Notification in the Case of Breach of Unsecured Protected Health Information (45 C.F.R. Part 160 and Subparts A and D of 45 C.F.R. Part 164, the “Breach Notification Rule”). HHS has the authority to conduct investigations of complaints alleging violations of the Privacy, Security, and Breach Notification Rules by covered entities, and covered entities must cooperate with HHS’ investigation. 45 C.F.R. §160.306(c) and §160.310(b); and B. Adult & Pediatric Dermatology, P.C. (“Covered Entity”), a covered entity, as defined at 45 C.F.R. § 160.103, and therefore is required to comply with the Privacy, Security, and Breach Notification Rules. The Covered Entity has office locations in Concord, Westford, Marlborough, and Ayer, Massachusetts, and one office in Wolfeboro, New Hampshire. HHS and the Covered Entity shall together be referred to herein as the “Parties.” 2. Factual Background and Covered Conduct. On October 7, 2011, HHS received notification from the Covered Entity regarding a breach of its unsecured electronic protected health information (ePHI). The Covered Entity reported that an unencrypted thumb drive that contained the ePHI relating to the performance of Mohs surgery of approximately 2,200 individuals was stolen from a vehicle of one its workforce members. The thumb drive was never recovered. The Covered Entity notified its patients of the theft of the thumb drive within 30 days of its theft and provided media notice. On November 9, 2011, HHS notified the Covered Entity of HHS’s investigation regarding the Covered Entity’s compliance with the Privacy, Security, and Breach Notification Rules. HHS’s investigation indicated that the following conduct occurred (“Covered Conduct”): (1) The Covered Entity did not conduct an accurate and thorough analysis of the potential risks and vulnerabilities to the confidentiality of ePHI as part of its security management process until October 1, 2012. (2) The Covered Entity did not fully comply with the administrative requirements of the Breach Notification Rule to have written policies and procedures and train members of its workforce regarding the Breach Notification requirements until February 7, 2012. 1
  • 2. (3) On September 14, 2011, the Covered Entity impermissibly disclosed the ePHI of up to 2,200 individuals by providing an unauthorized individual access to said ePHI for a purpose not permitted by the Privacy Rule when it did not reasonably safeguard an unencrypted thumb drive that was stolen from the unattended vehicle of one its workforce members. 3. No Admission. This Agreement is not an admission of liability by the Covered Entity. 4. No Concession. This Agreement is not a concession by HHS that the Covered Entity is not in violation of the Privacy, Security or Breach Notification Rules and that the Covered Entity is not liable for civil money penalties. 5. Intention of Parties to Effect Resolution. This Agreement is intended to resolve HHS Complaint No. 12-133708, and any violations of the Privacy, Security and Breach Notification Rules for the Covered Conduct specified in paragraph I.2.of this Agreement. In consideration of the Parties’ interest in avoiding the uncertainty, burden and expense of further investigation and formal proceedings, the Parties agree to resolve this matter according to the Terms and Conditions below. II. Terms and Conditions 1. Payment. The Covered Entity agrees to pay HHS the amount of $150,000.00 (“Resolution Amount”), the payment of which shall be made on behalf of the Covered Entity by its shareholders. The payment of the Resolution Amount shall be made on the Effective Date of this Agreement as defined in paragraph II.9 by electronic funds transfer pursuant to written instructions to be provided by HHS. 2. Corrective Action Plan. The Covered Entity has entered into and agrees to comply with the Corrective Action Plan (CAP), attached as Appendix A, which is incorporated into this Agreement by reference. If the Covered Entity breaches the CAP, and fails to cure the breach as set forth in the CAP, then the Covered Entity will be in breach of this Agreement, and HHS will not be subject to the terms and conditions in the Release set forth in paragraph II.3. of this Agreement. 3. Release by HHS. In consideration of and conditioned upon the Covered Entity’s performance of its obligations under this Agreement, HHS releases the Covered Entity from any actions it has or may have against the Covered Entity under the Privacy, Security, and Breach Notification Rules for the Covered Conduct specified -in paragraph I.2. of this Agreement. HHS does not release the Covered Entity from, nor waive any rights, obligations, or causes of action other than those for the Covered Conduct and referred to in this paragraph. This release does not extend to actions that may be brought under section 1177 of the Social Security Act, 42 U.S.C. § 1320d-6. 4. Agreement by Released Party. The Covered Entity shall not contest its obligation to pay, nor the amount of, the Resolution Amount or any other obligations agreed to under this Agreement. The Covered Entity waives all procedural rights granted under section 1128A of the Social Security Act (42 U.S.C. § 1320a-7a), 45 C.F.R. Part 160, Subpart E; and HHS Claims 2
  • 3. Collection provisions, 45 C.F.R. Part 30, including, but not limited to, notice, hearing, and appeal with respect to the Resolution Amount. 5. Binding on Successors. This Agreement is binding on the Covered Entity and its successors, heirs, transferees, and assigns. 6. Costs. Each Party to this Agreement shall bear its own legal and other costs incurred in connection with this matter, including the preparation and performance of this Agreement. 7. No Additional Releases. This Agreement is intended to be for the benefit of the Parties only, and by this instrument the Parties do not release any claims against any other person or entity. 8. Effect of Agreement. This Agreement constitutes the complete agreement between the Parties. All material representations, understandings, and promises of the Parties are contained in this Agreement. Any modifications to this Agreement must be in writing and signed by both Parties. 9. Execution of Agreement and Effective Date. The Agreement shall become effective (i.e., final and binding) on the date of signing of this Agreement and the CAP by the last signatory (“Effective Date”). 10. Tolling of Statute of Limitations. Pursuant to 42 U.S.C. § 1320a-7a(c)(1), a civil money penalty (“CMP”) must be imposed within six years from the date of the occurrence of the violation. To ensure that this six-year period does not expire during the term of this Agreement, the Covered Entity agrees that the time between the Effective Date of this Agreement and the date this Agreement may be terminated by reason of the Covered Entity’s breach, plus one-year thereafter, will not be included in calculating the six (6) year statute of limitations applicable to the violations which are the subject of this Agreement. The Covered Entity waives and will not plead any statute of limitations, laches, or similar defenses to any actions for the Covered Conduct specified in paragraph I.2. that is filed by HHS within the time period above, except to the extent that such defenses would have been available had an administrative action been filed on the Effective Date of this Agreement. 11. Disclosure. HHS places no restriction on the publication of the Agreement. This Agreement and information related to this Agreement may be made public by either party. In addition, HHS may be required to disclose this Agreement and related material to any person upon request consistent with the applicable provisions of the Freedom of Information Act, 5 U.S.C. § 552, and its implementing regulations, 45 C.F.R. Part 5. 12. Execution in Counterparts. This Agreement may be executed in counterparts, each of which constitutes an original, and all of which shall constitute one and the same agreement. 13. Authorizations. The individual(s) signing this Agreement on behalf of the Covered Entity represents and warrants that it agreed to be bound by the terms of this Agreement and that he/she is authorized to execute this Agreement. The individual signing this Agreement 3
  • 4. on behalf of HHS represents and warrants that he is signing this Agreement in his official capacity and that he is authorized to execute this Agreement. For Adult & Pediatric Dermatology, P.C. - // - December 24, 2013 Glenn Smith Chief Operating Officer Date For the United States Department of Health and Human Services - // Peter K. Chan Regional Manager, Region I Office for Civil Rights December 24, 2013 Date 4
  • 5. Appendix A CORRECTIVE ACTION PLAN BETWEEN THE DEPARTMENT OF HEALTH AND HUMAN SERVICES AND ADULT & PEDIATRIC DERMATOLOGY, P.C. I. Preamble Adult & Pediatric Dermatology, P.C. (“the Covered Entity”), hereby enters into this Corrective Action Plan (“CAP”) with the United States Department of Health and Human Services, Office for Civil Rights (“HHS” or “OCR”). Contemporaneously with this CAP, the Covered Entity is entering into a Resolution Agreement (“Agreement”) with HHS, and this CAP is incorporated by reference into the Agreement as Appendix A. The Covered Entity enters into this CAP as part of the consideration for the release in paragraph II.3. of the Agreement. II. Contact Persons and Submissions A. Contact Persons The Covered Entity has identified the following individual as its authorized representative and contact person regarding the implementation of this CAP and for receipt and submission of notifications and reports: Glenn Smith Chief Operating Officer Adult & Pediatric Dermatology 1620 Sudbury Road Concord, MA 01742 HHS has identified the following individual as its contact person with whom the Covered Entity is to report information regarding the implementation of this CAP: Ms. Susan Rhodes, Deputy Regional Manager Office for Civil Rights, Region I Department of Health and Human Services JFK Federal Building, Room 1875 Boston, MA 02203 Susan.Rhodes@hhs.gov Telephone: 617-565-1347 Facsimile: 617-565-3809 1
  • 6. The Covered Entity and HHS agree to promptly notify each other of any changes in the contact persons or the other information provided above. B. Proof of Submissions. Unless otherwise specified, all notifications and reports required by this CAP may be made by any means, including certified mail, overnight mail, or hand delivery, provided that there is proof that such notification was received. For purposes of this requirement, internal facsimile confirmation sheets do not constitute proof of receipt. III. Effective Date and Term of CAP The Effective Date of this CAP shall be calculated in accordance with paragraph II.9 of the Agreement (“Effective Date”). The period for compliance with the obligations assumed by the Covered Entity under this CAP shall begin on the Effective Date of this CAP and end on the date OCR approves the Implementation Report specified at paragraph VI (“Compliance Term”). Except that after the Compliance Term ends, the Covered Entity shall still be obligated to comply with the document retention requirement in section VII. IV. Time In computing any period of time prescribed or allowed by this CAP, the day of the act, event, or default from which the designated period of time begins to run shall not be included. The last day of the period so computed shall be included, unless it is a Saturday, a Sunday, or a legal holiday, in which event the period runs until the end of the next day that is not one of the aforementioned days. V. Corrective Action Obligations The Covered Entity agrees to the following: A. Security Management Process 1. Within one year following the Effective Date the Covered Entity shall conduct a comprehensive, organizational-wide risk analysis of the ePHI security risks and vulnerabilities that incorporates all of the Covered Entity’s electronic media and systems. 2. The Covered Entity shall develop a risk management plan to address and mitigate any security risks and vulnerabilities following the risk analysis specified in paragraph V.A.1 and, if necessary, revise its present policies and procedures. The risk analysis, risk management plan and any revised policies and procedures shall be forwarded to OCR for review and approval within 60 days of the date the Covered Entity completes the risk management plan. OCR shall approve or, if necessary, require revisions to the Covered Entity’s risk analysis, risk management plan and any policies and procedures specified above in paragraphs V.A.1 and V.A.2. 3. Upon receiving OCR’s notice of required revisions, if any, the Covered Entity shall have 30 days to incorporate the required revisions and provide the revised risk management plan or policies and procedures to OCR for review and approval. If revisions to the Covered Entity’s policies and procedures are required, the Covered Entity shall implement, 2
  • 7. distribute, and train all appropriate staff members on the revised policies and procedures within 30 calendar days of OCR’s approval, in accordance with its applicable administrative procedures for training. B. Reportable Events 1. During the Compliance Term, the Covered Entity shall, upon receiving information that a workforce member may have failed to comply with any provision of its Privacy, Security, and Breach Notification policies and procedures, promptly investigate the matter. If the Covered Entity, after review and investigation, determines that a member of its workforce has failed to comply with a provision of its Privacy, Security, and Breach Notification policies and procedures, the Covered Entity shall notify OCR in writing within thirty (30) days. Such violations shall be known as “Reportable Events.” The report to OCR shall include the following: a. A complete description of the event, including relevant facts, the persons involved, and the implicated provision(s) of the Covered Entity’s Privacy, Security, and Breach Notification policies and procedures; and b. A description of actions taken and any further steps the Covered Entity plans to take to address the matter, to mitigate the harm, and to prevent it from recurring, including the application of appropriate sanctions against workforce members who failed to comply with its Privacy, Security, and Breach Notification policies and procedures. 2. If no Reportable Events occur during the Compliance Term, the Covered Entity shall advise OCR of this fact in the Implementation Report. VI. IMPLEMENTATION REPORT A. Within 60 days after receiving OCR’s approval of the risk analysis, risk management plan and any revised policies and procedures consistent with paragraph V.A.3, the Covered Entity shall submit a written report to OCR for review and approval (“Implementation Report”). The Implementation Report shall include: 1. An explanation of how the Covered Entity implemented its security management process consistent with paragraphs V.A.1, V.A.2, and V.A.3 above, focusing specifically on how The Covered Entity determined whether its policies and procedures should be revised based on the risks and vulnerabilities identified in the risk analysis. 2. If revisions to the Covered Entity’s policies and procedures were necessary, an attestation signed by an officer of the Covered Entity attesting that any revised policies and procedures have been fully implemented and distributed to all appropriate members of the workforce consistent with the requirements in paragraph V.A.3; 3
  • 8. 3. If revisions to the Covered Entity’s policies and procedures were necessary, an attestation signed by an officer of the Covered Entity attesting that all appropriate members of the workforce have completed training on any revised policies and procedures consistent with the requirements in paragraph V.A.3; 4. A summary of Reportable Events and the status of any corrective and preventative action(s) relating to all such Reportable Events. 5. An attestation signed by an officer of the Covered Entity stating that he or she has reviewed the Implementation Report, has made a reasonable inquiry regarding its content and believes that, upon such inquiry, the information is accurate and truthful. VII. Document Retention The Covered Entity shall maintain for inspection and copying all documents and records relating to compliance with this CAP for 3 years from the Effective Date. VIII. Breach Provisions The Covered Entity is expected to fully and timely comply with all provisions contained in this CAP. A. Timely Written Requests for Extensions. The Covered Entity may, in advance of any due date in this CAP, submit a timely written request for an extension of time to perform any act required by this CAP. A “timely written request” is defined as a request in writing received by HHS at least 5 days prior to the date such an act is required or due to be performed. B. Notice of Breach and Intent to Impose CMP. The Parties agree that a breach of this CAP by the Covered Entity constitutes a breach of the Agreement. Upon a determination by HHS that The Covered Entity has breached this CAP, HHS may notify the Covered Entity of (1) the Covered Entity’s breach; and (2) HHS’ intent to impose a civil monetary penalty (CMP), pursuant to 45 C.F.R. Part 160, for the Covered Conduct in paragraph I.2. of the Agreement and for any other conduct that constitutes a violation of the HIPAA Privacy, Security, and Breach Notification Rules (“Notice of Breach and Intent to Impose CMP”). C. The Covered Entity Response. The Covered Entity shall have 30 days from the date of receipt of the Notice of Breach and Intent to Impose CMP to demonstrate to HHS’ satisfaction that: 1. the Covered Entity is in compliance with the obligations of this CAP that HHS cited as the basis for the breach; 2. the alleged breach has been cured; or 3. the alleged breach cannot be cured within the 30-day period, but that: (a) the Covered Entity has begun to take action to cure the breach; (b) the Covered Entity is 4
  • 9. pursuing such action with due diligence; and (c) the Covered Entity has provided to HHS a reasonable timetable for curing the breach. D. Imposition of CMP. If at the conclusion of the 30-day period, the Covered Entity fails to meet the requirements of section VIII.C. to HHS’ satisfaction, HHS may proceed with the imposition of the CMP against the Covered Entity pursuant to 45 C.F.R. Part 160 for any violations of the Privacy, Security, and Breach Notification Rules for the Covered Conduct in paragraph I.2. of the Agreement and for any other act or failure to act that constitutes a violation of the HIPAA Privacy, Security and Breach Notification Rules. HHS shall notify the Covered Entity in writing of its determination to proceed with the imposition of a CMP. For Adult & Pediatric Dermatology, P.C. Glenn Smith Chief Operating Officer Date For the United States Department of Health and Human Services Peter K. Chan Regional Manager, Region I Office for Civil Rights Date 5