A Draft Won't Do: OCR Settles with CardioNet $2.5m for Failing to Finalize Policies and Procedures

By Adam H. Greene, Rebecca L. Williams, and Sean R. Baird

On April 24, 2017, the Department of Health and Human Services Office for Civil Rights ("OCR") announced that CardioNet, a provider of remote mobile monitoring and rapid response services to patients at risk for cardiac arrhythmias, has paid $2.5 million to settle alleged HIPAA violations. This settlement announcement reminds covered entities and business associates of the importance of finalizing and implementing policies and procedures and conducting adequate risk analyses and risk management plans.

Sean R. Baird

Adam H. Greene

Adam D. Romney

Rebecca L. Williams

Health Care

Health Information

Health Information Privacy, Security & Breach Response

Privacy & Security