$1.55 million settlement underscores the importance of executing HIPAA business associate agreements

North Memorial Health Care has agreed to settle charges that it potentially violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules by failing to implement a business associate agreement with a major contractor and failing to institute an organization-wide risk analysis to address risks and vulnerabilities to its patient information.  North Memorial is a comprehensive, not-for-profit health care system in Minnesota that serves the Twin Cities and surrounding communities.  The settlement includes a monetary payment of $1,550,000 and a robust corrective action plan.

Content created by Office for Civil Rights (OCR)
Content last reviewed