A Draft Won't Do: OCR Settles with CardioNet $2.5m for Failing to Finalize Policies and Procedures

05.01.17
By Adam H. Greene, Rebecca L. Williams, and Sean R. Baird

On April 24, 2017, the Department of Health and Human Services Office for Civil Rights ("OCR") announced that CardioNet, a provider of remote mobile monitoring and rapid response services to patients at risk for cardiac arrhythmias, has paid $2.5 million to settle alleged HIPAA violations. This settlement announcement reminds covered entities and business associates of the importance of finalizing and implementing policies and procedures and conducting adequate risk analyses and risk management plans.