Raleigh Clinic Pays $750K HIPAA Fine: Key Lessons
Posted: May 19, 2016 to Compliance.
Raleigh Orthopedic Clinic (ROC) of North Carolina is paying for its violation of the Health Insurance Portability and Accountability Act of 1996 Privacy Rule, for allegedly sharing private and protected patient information with a potential business partner. $750,000, to be exact. The Office of Civil Rights (a division of the U.S. Department of Health and Human Services) revealed in its investigation that ROC released not only the protected information of 17,300 patients, but X-ray films, as well. This personal information was given to a company that was slated to turn X-ray images into electronic media in exchange for the silver that was procured from the X-ray film. The transaction would not have been a HIPAA breach had there been a business associate agreement between the companies before they handed over the X-rays and the private information. The Office of Civil Rights, in addition to paying out a quarter of a million dollars, has agreed to a Corrective Action Plan that includes implementing employee training and guidelines that help to ensure that HIPAA policies are followed ROC in the future. You can view the full Corrective Action Plan here.Protect Your Business Today
Petronella Technology Group has provided cybersecurity, compliance, and managed IT services from Raleigh, NC for over 23 years. Contact us today for a free consultation and technology assessment.
Need help implementing these strategies?
Our cybersecurity experts can assess your environment and build a tailored plan.
Get Free Assessment
![AI-Powered SOC: How Artificial Intelligence Is Transforming Security Operations Centers in 2026 [Video + Guide]](https://petronellatech.com/inc/modules/Blog/images/icons/1310.webp){kind=icon}
