Just because a business closes its doors doesn't mean it is no longer obligated to safeguard patients' protected health information (PHI), as one company recently learned. Earlier this month, the receiver appointed to liquidate the assets of Filefax agreed to pay $100,000 out of the receivership estate to settle potential HIPAA violations. Filefax was an Illinois company that provided storage, maintenance and delivery of medical records. Before it shut its doors in 2016, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) received a complaint alleging that a "dumpster diver" brought medical records obtained from Filefax to a shredding and recycling facility to exchange for cash. After opening an investigation, OCR confirmed that the medical records of more than 2,100 patients had been left at the shredding facility in February 2015.