Corrective action plan for HIPAA violations at non-profit hospital system

Stethoscope on books

One of the nation’s largest non-profit hospital systems entered into a multi-million-dollar settlement and Corrective Action Plan (CAP) with the US Department of Health and Human Services’ Office for Civil Rights (HHS OCR) in relation to potential violations of the Health Insurance Portability and Accountability Act (HIPAA) involving Protected Health Information. The hospital system retained CRA to serve as the OCR-approved assessor under the terms of the CAP, focusing on compliance with policies and procedures related to information security and data privacy. CRA’s team of forensic experts assisted the hospital system in complying with its obligations under the CAP, strengthening the efficacy of its information security and privacy program, and enhancing its culture of compliance.

Meet our team