Catholic Health Care Services to pay $650,000 HIPAA fine for business associate incident

Catholic Health Care Services of the Archdiocese of Philadelphia will pay $650,000 to settle HIPAA violations tied to the theft of a company-issued iPhone. The theft compromised the data of 412 nursing home residents. The Office for Civil Rights found that CHCS did not have the necessary risk analysis and risk management plan. OCR will monitor CHCS for two years as part of the settlement agreement.