This resolution agreement resolves a potential violation of HIPAA rules regarding the protection of patient health information. North Memorial Health Care paid $1,550,000 to settle claims that it improperly provided a business associate, Accretive Health, access to patient information without having a formal agreement in place to protect the data. As part of the settlement, North Memorial agreed to comply with corrective actions to improve its privacy and security practices.
OCR received a breach notice in February 2012 from QCA Health Plan, Inc. of Arkansas reporting that an unencrypted laptop computer containing the ePHI of 148 individuals was stolen from a workforce member’s car. While QCA encrypted their devices following discovery of the breach, OCR’s investigation revealed that QCA failed to comply with multiple requirements of the HIPAA Privacy and Security Rules, beginning from the compliance date of the Security Rule in April 2005 and ending in June 2012. QCA agreed to a $250,000 monetary settlement and is required to provide HHS with an updated risk analysis and corresponding risk management plan that includes specific security measures to reduce the risks to and vulnerabilities of its ePHI. QCA is also required to retrain its workforce and document its ongoing compliance efforts.
Catholic Health Care Services Resolution Agreement and Corrective Action PlanAlex Slaney
Catholic Health Care Services of the Archdiocese of Philadelphia settlement, Resolution Agreement and Corrective Action Plan as a result of violating the HIPAA Security Rule for ePHI
OCR opened a compliance review of Concentra Health Services (Concentra) upon receiving a breach report that an unencrypted laptop was stolen from one of its facilities, the Springfield Missouri Physical Therapy Center. OCR’s investigation revealed that Concentra had previously recognized in multiple risk analyses that a lack of encryption on its laptops, desktop computers, medical equipment, tablets and other devices containing electronic protected health information (ePHI) was a critical risk. While steps were taken to begin encryption, Concentra’s efforts were incomplete and inconsistent over time leaving patient PHI vulnerable throughout the organization. OCR’s investigation further found Concentra had insufficient security management processes in place to safeguard patient information. Concentra has agreed to pay OCR $1,725,220 to settle potential violations and will adopt a corrective action plan to evidence their remediation of these findings.
OCR received a breach notice in February 2012 from QCA Health Plan, Inc. of Arkansas reporting that an unencrypted laptop computer containing the ePHI of 148 individuals was stolen from a workforce member’s car. While QCA encrypted their devices following discovery of the breach, OCR’s investigation revealed that QCA failed to comply with multiple requirements of the HIPAA Privacy and Security Rules, beginning from the compliance date of the Security Rule in April 2005 and ending in June 2012. QCA agreed to a $250,000 monetary settlement and is required to provide HHS with an updated risk analysis and corresponding risk management plan that includes specific security measures to reduce the risks to and vulnerabilities of its ePHI. QCA is also required to retrain its workforce and document its ongoing compliance efforts.
Catholic Health Care Services Resolution Agreement and Corrective Action PlanAlex Slaney
Catholic Health Care Services of the Archdiocese of Philadelphia settlement, Resolution Agreement and Corrective Action Plan as a result of violating the HIPAA Security Rule for ePHI
OCR opened a compliance review of Concentra Health Services (Concentra) upon receiving a breach report that an unencrypted laptop was stolen from one of its facilities, the Springfield Missouri Physical Therapy Center. OCR’s investigation revealed that Concentra had previously recognized in multiple risk analyses that a lack of encryption on its laptops, desktop computers, medical equipment, tablets and other devices containing electronic protected health information (ePHI) was a critical risk. While steps were taken to begin encryption, Concentra’s efforts were incomplete and inconsistent over time leaving patient PHI vulnerable throughout the organization. OCR’s investigation further found Concentra had insufficient security management processes in place to safeguard patient information. Concentra has agreed to pay OCR $1,725,220 to settle potential violations and will adopt a corrective action plan to evidence their remediation of these findings.
Resolution Agreement: On January 6, 2012, HHS notified SRMC of its initiation of a compliance review of its facility to determine whether there was a failure to comply with the requirements of the Privacy Rule. HHS’s compliance review was prompted by an article in the Los Angeles Times published on January 4, 2012. The article indicated that two of SRMC’s senior leaders met with the media to discuss the medical services provided to a patient (the Affected Party) without a valid written authorization.
Adult & Pediatric Dermatology, P.C., of Concord, Mass., has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules with the Department of Health and Human Services, agreeing to a $150,000 payment. The practice will also be required to implement a corrective action plan to correct deficiencies in its HIPAA compliance program. Adult and Pediatric Dermatology is a private practice that delivers dermatology services in four locations in Massachusetts and two in New Hampshire. This case marks the first settlement with a covered entity for not having policies and procedures in place to address the breach notification provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, passed as part of American Recovery and Reinvestment Act of 2009 (ARRA).
The HHS Office for Civil Rights (OCR) opened an investigation of Adult and Pediatric Dermatology upon receiving a report that an unencrypted thumb drive containing the electronic protected health information (ePHI) of approximately 2,200 individuals was stolen from a vehicle of one its staff members. The thumb drive was never recovered. The investigation revealed that Adult and Pediatric Dermatology had not conducted an accurate and thorough analysis of the potential risks and vulnerabilities to the confidentiality of ePHI as part of its security management process. Further, Adult and Pediatric Dermatology did not fully comply with requirements of the Breach Notification Rule to have in place written policies and procedures and train workforce members.
In addition to a $150,000 resolution amount, the settlement includes a corrective action plan requiring Adult and Pediatric Dermatology to develop a risk analysis and risk management plan to address and mitigate any security risks and vulnerabilities, as well as to provide an implementation report to OCR.
Download the Corrective Action Plan(CAP) here >>
Tips s to providers: Almost all of the HIPAA/HITECH violations identified in the last few years is due to insufficient security risk analysis conducted by the providers or business associates.
Parkview Health System, Inc. (Parkview) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule with the Department of Health and Human Services (HHS) Office for Civil Rights (OCR). Parkview will pay $800,000 and adopt a corrective action plan to correct deficiencies in its HIPAA compliance program.
Cancer Care Group HIPAA Settlement Agreementdata brackets
Cancer Care has taken corrective action with regard to the specific requirements of the Privacy and Security Rules that are at the core of this enforcement action, as well as actions to come into compliance with the other provisions of the HIPAA Rules. The Resolution Agreement and Corrective Action Plan (CAP) can be found on the OCR website at: http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/cancercare.html
Raleigh Orthopedic RA and CAP April 2016Alex Slaney
Resolution Agreement and CAP put in place after Raleigh Orthopedic violated The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule
Presence Health Resolution Agreement with OCRdata brackets
The U.S. Department of Health and Human Services, Office for Civil Rights (OCR), has announced the first Health Insurance Portability and Accountability Act (HIPAA) settlement based on the untimely reporting of a breach of unsecured protected health information (PHI). Presence Health has agreed to settle potential violations of the HIPAA Breach Notification Rule by paying $475,000 and implementing a corrective action plan. Presence Health is one of the largest health care networks serving Illinois and consists of approximately 150 locations, including 11 hospitals and 27 long-term care and senior living facilities. Presence Health also has multiple physicians’ offices and health care centers in its system and offers home care, hospice care, and behavioral health services. With this settlement amount, OCR balanced the need to emphasize the importance of timely breach reporting with the desire not to disincentive breach reporting altogether.
On January 31, 2014, OCR received a breach notification report from Presence indicating that on October 22, 2013, Presence discovered that paper-based operating room schedules, which contained the PHI of 836 individuals, were missing from the Presence Surgery Center at the Presence St. Joseph Medical Center in Joliet, Illinois. The information consisted of the affected individuals’ names, dates of birth, medical record numbers, dates of procedures, types of procedures, surgeon names, and types of anesthesia. OCR’s investigation revealed that Presence Health failed to notify, without unreasonable delay and within 60 days of discovering the breach, each of the 836 individuals affected by the breach, prominent media outlets (as required for breaches affecting 500 or more individuals), and OCR.
“Covered entities need to have a clear policy and procedures in place to respond to the Breach Notification Rule’s timeliness requirements” said OCR Director Jocelyn Samuels. “Individuals need prompt notice of a breach of their unsecured PHI so they can take action that could help mitigate any potential harm caused by the breach.”
The Resolution Agreement and Corrective Action Plan may be found on the OCR website at http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/presence
OCR’s guidance on breach notification may be found at http://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html
To learn more about non-discrimination and health information privacy laws, your civil rights, and privacy rights in health care and human service settings, and to find information on filing a complaint, visit us at http://www.hhs.gov/hipaa/index.html
Follow OCR on Twitter at http://twitter.com/HHSOCR
Skagit county- HIPAA violation settlement agreement with HHSdata brackets
Skagit County, Washington, has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules. Skagit County agreed to a $215,000 monetary settlement and to work closely with the Department of Health and Human Services (HHS) to correct deficiencies in its HIPAA compliance program. Skagit County is located in Northwest Washington, and is home to approximately 118,000 residents. The Skagit County Public Health Department provides essential services to many individuals who would otherwise not be able to afford health care.
OCR opened an investigation of Skagit County upon receiving a breach report that money receipts with electronic protected health information (ePHI) of seven individuals were accessed by unknown parties after the ePHI had been inadvertently moved to a publicly accessible server maintained by the County. OCR's investigation revealed a broader exposure of protected health information involved in the incident, which included the ePHI of 1,581 individuals. Many of the accessible files involved sensitive information, including protected health information concerning the testing and treatment of infectious diseases. OCR's investigation further uncovered general and widespread non-compliance by Skagit County with the HIPAA Privacy, Security, and Breach Notification Rules.
Skagit County continues to cooperate with OCR through a corrective action plan to ensure it has in place written policies and procedures, documentation requirements, training, and other measures to comply with the HIPAA Rules. This corrective action plan also requires Skagit County to provide regular status reports to OCR.
Raleigh Orthopedic RA and CAP April 2016data brackets
Raleigh Orthopedics's Resolution Agreement and CAP resulting from Raleigh Orthopedic violating the Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules
First HIPAA enforcement action for lack of timely breach notification settles...David Sweigert
First HIPAA enforcement action for lack of timely breach notification settles for $475,000
The U.S. Department of Health and Human Services, Office for Civil Rights (OCR), has announced the first Health Insurance Portability and Accountability Act (HIPAA) settlement based on the untimely reporting of a breach of unsecured protected health information (PHI). Presence Health has agreed to settle potential violations of the HIPAA Breach Notification Rule by paying $475,000 and implementing a corrective action plan. Presence Health is one of the largest health care networks serving Illinois and consists of approximately 150 locations, including 11 hospitals and 27 long-term care and senior living facilities. Presence also has multiple physicians’ offices and health care centers in its system and offers home care, hospice care, and behavioral health services. With this settlement amount, OCR balanced the need to emphasize the importance of timely breach reporting with the desire not to disincentive breach reporting altogether.
On January 31, 2014, OCR received a breach notification report from Presence indicating that on October 22, 2013, Presence discovered that paper-based operating room schedules, which contained the PHI of 836 individuals, were missing from the Presence Surgery Center at the Presence St. Joseph Medical Center in Joliet, Illinois. The information consisted of the affected individuals’ names, dates of birth, medical record numbers, dates of procedures, types of procedures, surgeon names, and types of anesthesia. OCR’s investigation revealed that Presence Health failed to notify, without unreasonable delay and within 60 days of discovering the breach, each of the 836 individuals affected by the breach, prominent media outlets (as required for breaches affecting 500 or more individuals), and OCR.
Resolution Agreement: On January 6, 2012, HHS notified SRMC of its initiation of a compliance review of its facility to determine whether there was a failure to comply with the requirements of the Privacy Rule. HHS’s compliance review was prompted by an article in the Los Angeles Times published on January 4, 2012. The article indicated that two of SRMC’s senior leaders met with the media to discuss the medical services provided to a patient (the Affected Party) without a valid written authorization.
Adult & Pediatric Dermatology, P.C., of Concord, Mass., has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules with the Department of Health and Human Services, agreeing to a $150,000 payment. The practice will also be required to implement a corrective action plan to correct deficiencies in its HIPAA compliance program. Adult and Pediatric Dermatology is a private practice that delivers dermatology services in four locations in Massachusetts and two in New Hampshire. This case marks the first settlement with a covered entity for not having policies and procedures in place to address the breach notification provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, passed as part of American Recovery and Reinvestment Act of 2009 (ARRA).
The HHS Office for Civil Rights (OCR) opened an investigation of Adult and Pediatric Dermatology upon receiving a report that an unencrypted thumb drive containing the electronic protected health information (ePHI) of approximately 2,200 individuals was stolen from a vehicle of one its staff members. The thumb drive was never recovered. The investigation revealed that Adult and Pediatric Dermatology had not conducted an accurate and thorough analysis of the potential risks and vulnerabilities to the confidentiality of ePHI as part of its security management process. Further, Adult and Pediatric Dermatology did not fully comply with requirements of the Breach Notification Rule to have in place written policies and procedures and train workforce members.
In addition to a $150,000 resolution amount, the settlement includes a corrective action plan requiring Adult and Pediatric Dermatology to develop a risk analysis and risk management plan to address and mitigate any security risks and vulnerabilities, as well as to provide an implementation report to OCR.
Download the Corrective Action Plan(CAP) here >>
Tips s to providers: Almost all of the HIPAA/HITECH violations identified in the last few years is due to insufficient security risk analysis conducted by the providers or business associates.
Parkview Health System, Inc. (Parkview) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule with the Department of Health and Human Services (HHS) Office for Civil Rights (OCR). Parkview will pay $800,000 and adopt a corrective action plan to correct deficiencies in its HIPAA compliance program.
Cancer Care Group HIPAA Settlement Agreementdata brackets
Cancer Care has taken corrective action with regard to the specific requirements of the Privacy and Security Rules that are at the core of this enforcement action, as well as actions to come into compliance with the other provisions of the HIPAA Rules. The Resolution Agreement and Corrective Action Plan (CAP) can be found on the OCR website at: http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/cancercare.html
Raleigh Orthopedic RA and CAP April 2016Alex Slaney
Resolution Agreement and CAP put in place after Raleigh Orthopedic violated The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule
Presence Health Resolution Agreement with OCRdata brackets
The U.S. Department of Health and Human Services, Office for Civil Rights (OCR), has announced the first Health Insurance Portability and Accountability Act (HIPAA) settlement based on the untimely reporting of a breach of unsecured protected health information (PHI). Presence Health has agreed to settle potential violations of the HIPAA Breach Notification Rule by paying $475,000 and implementing a corrective action plan. Presence Health is one of the largest health care networks serving Illinois and consists of approximately 150 locations, including 11 hospitals and 27 long-term care and senior living facilities. Presence Health also has multiple physicians’ offices and health care centers in its system and offers home care, hospice care, and behavioral health services. With this settlement amount, OCR balanced the need to emphasize the importance of timely breach reporting with the desire not to disincentive breach reporting altogether.
On January 31, 2014, OCR received a breach notification report from Presence indicating that on October 22, 2013, Presence discovered that paper-based operating room schedules, which contained the PHI of 836 individuals, were missing from the Presence Surgery Center at the Presence St. Joseph Medical Center in Joliet, Illinois. The information consisted of the affected individuals’ names, dates of birth, medical record numbers, dates of procedures, types of procedures, surgeon names, and types of anesthesia. OCR’s investigation revealed that Presence Health failed to notify, without unreasonable delay and within 60 days of discovering the breach, each of the 836 individuals affected by the breach, prominent media outlets (as required for breaches affecting 500 or more individuals), and OCR.
“Covered entities need to have a clear policy and procedures in place to respond to the Breach Notification Rule’s timeliness requirements” said OCR Director Jocelyn Samuels. “Individuals need prompt notice of a breach of their unsecured PHI so they can take action that could help mitigate any potential harm caused by the breach.”
The Resolution Agreement and Corrective Action Plan may be found on the OCR website at http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/presence
OCR’s guidance on breach notification may be found at http://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html
To learn more about non-discrimination and health information privacy laws, your civil rights, and privacy rights in health care and human service settings, and to find information on filing a complaint, visit us at http://www.hhs.gov/hipaa/index.html
Follow OCR on Twitter at http://twitter.com/HHSOCR
Skagit county- HIPAA violation settlement agreement with HHSdata brackets
Skagit County, Washington, has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules. Skagit County agreed to a $215,000 monetary settlement and to work closely with the Department of Health and Human Services (HHS) to correct deficiencies in its HIPAA compliance program. Skagit County is located in Northwest Washington, and is home to approximately 118,000 residents. The Skagit County Public Health Department provides essential services to many individuals who would otherwise not be able to afford health care.
OCR opened an investigation of Skagit County upon receiving a breach report that money receipts with electronic protected health information (ePHI) of seven individuals were accessed by unknown parties after the ePHI had been inadvertently moved to a publicly accessible server maintained by the County. OCR's investigation revealed a broader exposure of protected health information involved in the incident, which included the ePHI of 1,581 individuals. Many of the accessible files involved sensitive information, including protected health information concerning the testing and treatment of infectious diseases. OCR's investigation further uncovered general and widespread non-compliance by Skagit County with the HIPAA Privacy, Security, and Breach Notification Rules.
Skagit County continues to cooperate with OCR through a corrective action plan to ensure it has in place written policies and procedures, documentation requirements, training, and other measures to comply with the HIPAA Rules. This corrective action plan also requires Skagit County to provide regular status reports to OCR.
Raleigh Orthopedic RA and CAP April 2016data brackets
Raleigh Orthopedics's Resolution Agreement and CAP resulting from Raleigh Orthopedic violating the Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules
First HIPAA enforcement action for lack of timely breach notification settles...David Sweigert
First HIPAA enforcement action for lack of timely breach notification settles for $475,000
The U.S. Department of Health and Human Services, Office for Civil Rights (OCR), has announced the first Health Insurance Portability and Accountability Act (HIPAA) settlement based on the untimely reporting of a breach of unsecured protected health information (PHI). Presence Health has agreed to settle potential violations of the HIPAA Breach Notification Rule by paying $475,000 and implementing a corrective action plan. Presence Health is one of the largest health care networks serving Illinois and consists of approximately 150 locations, including 11 hospitals and 27 long-term care and senior living facilities. Presence also has multiple physicians’ offices and health care centers in its system and offers home care, hospice care, and behavioral health services. With this settlement amount, OCR balanced the need to emphasize the importance of timely breach reporting with the desire not to disincentive breach reporting altogether.
On January 31, 2014, OCR received a breach notification report from Presence indicating that on October 22, 2013, Presence discovered that paper-based operating room schedules, which contained the PHI of 836 individuals, were missing from the Presence Surgery Center at the Presence St. Joseph Medical Center in Joliet, Illinois. The information consisted of the affected individuals’ names, dates of birth, medical record numbers, dates of procedures, types of procedures, surgeon names, and types of anesthesia. OCR’s investigation revealed that Presence Health failed to notify, without unreasonable delay and within 60 days of discovering the breach, each of the 836 individuals affected by the breach, prominent media outlets (as required for breaches affecting 500 or more individuals), and OCR.
FCS 3450 HOMEWORK #41.Thomas Franklin arrived at the following t.docxmydrynan
FCS 3450 HOMEWORK #4
1.
Thomas Franklin arrived at the following tax information:
Gross salary, $46,660
Interest earnings, $225
Dividend income, $80
One personal exemption, $3,400
Itemized deductions, $7,820
Adjustments to income, $1,150
What amount would Thomas report as taxable income?
2.
If Lola Harper had the following itemized deductions, should she use Schedule A or the standard deduction? The standard deduction for her tax situation is $5,450.
Donations to church and other charities, $1,980
Medical and dental expenses that exceed 7.5 percent of adjusted gross income, $430
State income tax, $690
Job-related expenses that exceed 2 percent of adjusted gross income, $1,610
3.
What would be the average tax rate for a person who paid taxes of $4,864.14 on a taxable income of $39,870?
4.
Based on the following data, would Ann and Carl Wilton receive a refund or owe additional taxes?
Adjusted gross income, $46,186
Itemized deductions, $11,420
Child care tax credit, $80
Federal income tax withheld, $4,784
Amount for personal exemptions, $6,800
Average tax rate on taxable income, 15%
5. Would you prefer a fully taxable investment earning 10.7 percent or a tax-exempt investment earning 8.1 percent? Why? (Assume a 28 percent tax rate.)
6. On December 30, you decide to make a $1,000 charitable donation. If you are in a 28 percent tax bracket, how much would you save in taxes for the current year? If that tax savings was deposited in a savings account for the next five years at 6 percent, what would be the future value of that account?
1
Assignment 2: JPMorgan Chase
Strayer University
LEG 100
Discuss how administrative agencies like the Securities and Exchange Commission (SEC) or the Commodities Futures Trading Commission (CFTC) take action in order to be effective in preventing high-risk gambles in securities / banking, a foundation of the economy.
On January 11, 2012, the Commodity Futures Trading Commission (CFTC) voted 3-2 to propose regulations to implement Section 619 of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (Dodd-Frank Act), commonly referred to as the “Volcker Rule.” The proposal specifically prohibits a bank or institution that owns a bank from engaging in proprietary trading that is not at the behest of its clients, and from owning or investing in a hedge fund or private equity fund, and also limits the liabilities that the largest banks can hold .Under discussion is the possibility of restrictions on the way market making activities are compensated; traders would be paid on the basis of the spread of the transactions rather than any profit that the trader made for the client.
Determine the elements of a valid contract, and discuss how consumers and banks each have a duty of good faith and fair ...
The Latest Paradigm Shift in Health Care: Providers, Patients and Payers Play...Craig B. Garner
The presentation discusses recent paradigm shifts impacting disputes between providers, payers and patients. The role of alternative dispute resolution in the Affordable Care Act, including compliance
programs and Medicare is included, as well as the enforceability and use of mandatory arbitration agreements.
Telehealth Psychology Building Trust with Clients.pptxThe Harvest Clinic
Telehealth psychology is a digital approach that offers psychological services and mental health care to clients remotely, using technologies like video conferencing, phone calls, text messaging, and mobile apps for communication.
QA Paediatric dentistry department, Hospital Melaka 2020Azreen Aj
QA study - To improve the 6th monthly recall rate post-comprehensive dental treatment under general anaesthesia in paediatric dentistry department, Hospital Melaka
CHAPTER 1 SEMESTER V - ROLE OF PEADIATRIC NURSE.pdfSachin Sharma
Pediatric nurses play a vital role in the health and well-being of children. Their responsibilities are wide-ranging, and their objectives can be categorized into several key areas:
1. Direct Patient Care:
Objective: Provide comprehensive and compassionate care to infants, children, and adolescents in various healthcare settings (hospitals, clinics, etc.).
This includes tasks like:
Monitoring vital signs and physical condition.
Administering medications and treatments.
Performing procedures as directed by doctors.
Assisting with daily living activities (bathing, feeding).
Providing emotional support and pain management.
2. Health Promotion and Education:
Objective: Promote healthy behaviors and educate children, families, and communities about preventive healthcare.
This includes tasks like:
Administering vaccinations.
Providing education on nutrition, hygiene, and development.
Offering breastfeeding and childbirth support.
Counseling families on safety and injury prevention.
3. Collaboration and Advocacy:
Objective: Collaborate effectively with doctors, social workers, therapists, and other healthcare professionals to ensure coordinated care for children.
Objective: Advocate for the rights and best interests of their patients, especially when children cannot speak for themselves.
This includes tasks like:
Communicating effectively with healthcare teams.
Identifying and addressing potential risks to child welfare.
Educating families about their child's condition and treatment options.
4. Professional Development and Research:
Objective: Stay up-to-date on the latest advancements in pediatric healthcare through continuing education and research.
Objective: Contribute to improving the quality of care for children by participating in research initiatives.
This includes tasks like:
Attending workshops and conferences on pediatric nursing.
Participating in clinical trials related to child health.
Implementing evidence-based practices into their daily routines.
By fulfilling these objectives, pediatric nurses play a crucial role in ensuring the optimal health and well-being of children throughout all stages of their development.
Leading the Way in Nephrology: Dr. David Greene's Work with Stem Cells for Ki...Dr. David Greene Arizona
As we watch Dr. Greene's continued efforts and research in Arizona, it's clear that stem cell therapy holds a promising key to unlocking new doors in the treatment of kidney disease. With each study and trial, we step closer to a world where kidney disease is no longer a life sentence but a treatable condition, thanks to pioneers like Dr. David Greene.
The dimensions of healthcare quality refer to various attributes or aspects that define the standard of healthcare services. These dimensions are used to evaluate, measure, and improve the quality of care provided to patients. A comprehensive understanding of these dimensions ensures that healthcare systems can address various aspects of patient care effectively and holistically. Dimensions of Healthcare Quality and Performance of care include the following; Appropriateness, Availability, Competence, Continuity, Effectiveness, Efficiency, Efficacy, Prevention, Respect and Care, Safety as well as Timeliness.
Navigating Challenges: Mental Health, Legislation, and the Prison System in B...Guillermo Rivera
This conference will delve into the intricate intersections between mental health, legal frameworks, and the prison system in Bolivia. It aims to provide a comprehensive overview of the current challenges faced by mental health professionals working within the legislative and correctional landscapes. Topics of discussion will include the prevalence and impact of mental health issues among the incarcerated population, the effectiveness of existing mental health policies and legislation, and potential reforms to enhance the mental health support system within prisons.
Global launch of the Healthy Ageing and Prevention Index 2nd wave – alongside...ILC- UK
The Healthy Ageing and Prevention Index is an online tool created by ILC that ranks countries on six metrics including, life span, health span, work span, income, environmental performance, and happiness. The Index helps us understand how well countries have adapted to longevity and inform decision makers on what must be done to maximise the economic benefits that comes with living well for longer.
Alongside the 77th World Health Assembly in Geneva on 28 May 2024, we launched the second version of our Index, allowing us to track progress and give new insights into what needs to be done to keep populations healthier for longer.
The speakers included:
Professor Orazio Schillaci, Minister of Health, Italy
Dr Hans Groth, Chairman of the Board, World Demographic & Ageing Forum
Professor Ilona Kickbusch, Founder and Chair, Global Health Centre, Geneva Graduate Institute and co-chair, World Health Summit Council
Dr Natasha Azzopardi Muscat, Director, Country Health Policies and Systems Division, World Health Organisation EURO
Dr Marta Lomazzi, Executive Manager, World Federation of Public Health Associations
Dr Shyam Bishen, Head, Centre for Health and Healthcare and Member of the Executive Committee, World Economic Forum
Dr Karin Tegmark Wisell, Director General, Public Health Agency of Sweden
1. RESOLUTION AGREEMENT
I. Recitals
1. Parties. The Parties to this Resolution Agreement (“Agreement”) are:
A. The United States Department of Health and Human Services, Office for
Civil Rights (“HHS”), which enforces the Federal standards that govern the privacy of
individually identifiable health information (45 C.F.R. Part 160 and Subparts A and E of
Part 164, the “Privacy Rule”), the Federal standards that govern the security of electronic
individually identifiable health information (45 C.F.R. Part 160 and Subparts A and C of
Part 164, the “Security Rule”), and the Federal standards for notification in the case of
breach of unsecured protected health information (45 C.F.R. Part 160 and Subparts A and
D of 45 C.F.R. Part 164, the “Breach Notification Rule”). HHS has the authority to
conduct compliance reviews and investigations of complaints alleging violations of the
Privacy, Security, and Breach Notification Rules (the “HIPAA Rules”) by covered
entities and business associates, and covered entities and business associates must
cooperate with HHS compliance reviews and investigations. See 45 C.F.R. §§
160.306(c), 160.308, and 160.310(b).
B. North Memorial Health Care (“North Memorial”), which is a covered
entity, as defined at 45 C.F.R. § 160.103, and therefore is required to comply with the
HIPAA Rules. North Memorial is a comprehensive, not-for-profit health care system in
Minnesota that serves the Twin Cities north, central, and west communities.
HHS and North Memorial shall together be referred to herein as the “Parties.”
2. Factual Background and Covered Conduct. On September 27, 2011, North
Memorial reported to the HHS Office for Civil Rights that, on July 25, 2011, an unencrypted
laptop that contained the electronic protected health information of approximately 2,800
individuals (later amended to include an additional 6,697 individuals) who received care from
North Memorial was stolen from an Accretive Health (“Accretive”) workforce member’s locked
vehicle. In its report, North Memorial noted that Accretive was its business associate.
HHS’ investigation indicated that the following conduct appears to have occurred (“Covered
Conduct”):
A. North Memorial provided Accretive, a business associate, with access to
North Memorial’s protected health information (PHI) without obtaining satisfactory
assurances from Accretive, in the form of a written business associate agreement, that
Accretive would appropriately safeguard the PHI. North Memorial began providing
Accretive with access to North Memorial’s PHI on March 21, 2011, and did not enter
into a written business associate agreement with Accretive until October 14, 2011. See 45
C.F.R. § 164.308(b) and 45 C.F.R § 164.502(e).
B. From March 21, 2011 to October 14, 2011, North Memorial
impermissibly disclosed the PHI of at least 289,904 individuals to Accretive when North
Memorial provided Accretive with access to PHI without obtaining Accretive’s
2. 2
satisfactory assurances, in the form of a written business associate agreement, that
Accretive would appropriately safeguard the PHI. See 45 C.F.R. § 164.502(a).
C. North Memorial failed to conduct an accurate and thorough risk analysis
that incorporated all of North Memorial’s information technology equipment,
applications, and data systems using electronic PHI. See 45 C.F.R. § 164.308(a)(1)(ii)(A).
3. No Admission. This Agreement is not an admission of liability by North
Memorial.
4. No Concession. This Agreement is not a concession by HHS that North
Memorial is not in violation of the HIPAA Rules and that North Memorial is not liable for civil
money penalties.
5. Intention of Parties to Effect Resolution. This Agreement is intended to resolve
HHS Transaction No. 13-150938 and any violations of the HIPAA Rules for the Covered
Conduct specified in paragraph I.2 of this Agreement. In consideration of the Parties’ interest in
avoiding the uncertainty, burden and expense of further investigation and formal proceedings,
the Parties agree to resolve this matter according to the Terms and Conditions below.
II. Terms and Conditions
6. Payment. North Memorial agrees to pay HHS the amount of $1,550,000
(“Resolution Amount”). North Memorial agrees to pay the Resolution Amount on the Effective
Date of this Agreement as defined in paragraph II.14 by automated clearing house transaction
pursuant to written instructions to be provided by HHS.
7. Corrective Action Plan. North Memorial has entered into and agrees to comply
with the Corrective Action Plan (CAP), attached as Appendix A, which is incorporated into this
Agreement by reference. If North Memorial breaches the CAP, and fails to cure the breach as set
forth in the CAP, then North Memorial will be in breach of this Agreement, and HHS will not be
subject to the release set forth in paragraph II.8 of this Agreement.
8. Release by HHS. In consideration of and conditioned upon North Memorial’s
performance of its obligations under this Agreement, HHS releases North Memorial from any
actions it may have against North Memorial under the HIPAA Rules for the Covered Conduct
specified in paragraph I.2 of this Agreement. HHS does not release North Memorial from, nor
waive any rights, obligations, or causes of action other than those for the Covered Conduct and
referred to in this paragraph. This release does not extend to actions that may be brought under
section 1177 of the Social Security Act, 42 U.S.C. § 1320d-6.
3. 3
9. Agreement by Released Party. North Memorial shall not contest the validity of
its obligation to pay, nor the amount of, the Resolution Amount or any other obligations agreed
to under this Agreement. North Memorial waives all procedural rights granted under section
1128A of the Social Security Act (42 U.S.C. § 1320a-7a), 45 C.F.R. Part 160, Subpart E, and
HHS Claims Collection provisions, 45 C.F.R. Part 30, including, but not limited to, notice,
hearing, and appeal with respect to the Resolution Amount.
10. Binding on Successors. This Agreement is binding on North Memorial and its
successors, heirs, transferees, and assigns.
11. Costs. Each Party to this Agreement shall bear its own legal and other costs
incurred in connection with this matter, including the preparation and performance of this
Agreement.
12. No Additional Releases. This Agreement is intended to be for the benefit of the
Parties only, and by this instrument the Parties do not release any claims against any other person
or entity.
13. Effect of Agreement. This Agreement constitutes the complete agreement
between the Parties. All material representations, understandings, and promises of the Parties are
contained in this Agreement. Any modifications to this Agreement must be in writing and signed
by both Parties.
14. Execution of Agreement and Effective Date. The Agreement shall become
effective (i.e., final and binding) on the date of signing of this Agreement and the CAP by the
last signatory (“Effective Date”).
15. Tolling of Statute of Limitations. Pursuant to 42 U.S.C. § 1320a-7a(c)(1), a civil
money penalty (“CMP”) must be imposed within six (6) years from the date of the occurrence of
the violation. To ensure that this six-year period does not expire during the term of this
Agreement, North Memorial agrees that the time between the Effective Date of this Agreement
and the date this Agreement may be terminated by reason of North Memorial’s breach, plus one
year thereafter, will not be included in calculating the six (6) year statute of limitations
applicable to the violations which are the subject of this Agreement. North Memorial waives and
will not plead any statute of limitations, laches, or similar defenses to any administrative action
relating to the Covered Conduct identified in paragraph I.2 that is filed by HHS within the time
period set forth above, except to the extent that such defenses would have been available had an
administrative action been filed on the Effective Date of this Agreement.
16. Disclosure. HHS places no restriction on the publication of the Agreement. In
addition, HHS may be required to disclose this Agreement and related material to any person
upon request consistent with the applicable provisions of the Freedom of Information Act, 5
U.S.C. § 552, and its implementing regulations, 45 C.F.R. Part 5.
17. Execution in Counterparts. This Agreement may be executed in counterparts,
each of which constitutes an original, and all of which shall constitute one and the same
agreement.
4. 4
18. Authorizations. The individual(s) signing this Agreement on behalf of North
Memorial represent and warrant that they are authorized by North Memorial to execute this
Agreement. The individual(s) signing this Agreement on behalf of HHS represent and warrant
that they are signing this Agreement in their official capacities and that they are authorized to
execute this Agreement.
For North Memorial Health Care
/s/
J. Kevin Croston, M.D.
Chief Executive Officer
North Memorial Health Care
Date
For the United States Department of Health and Human Services
/s/
Celeste H. Davis
Regional Manager
Office for Civil Rights, Midwest Region
Date
5. Appendix A
CORRECTIVE ACTION PLAN BETWEEN
THE DEPARTMENT OF HEALTH AND HUMAN SERVICES, OFFICE FOR CIVIL
RIGHTS
AND
NORTH MEMORIAL HEALTH CARE
I. Preamble
North Memorial Health Care (“North Memorial”) hereby enters into this Corrective
Action Plan (“CAP”) with the United States Department of Health and Human Services, Office
for Civil Rights (“HHS” or “OCR”). Contemporaneously with this CAP, North Memorial is
entering into a Resolution Agreement (“Agreement”) with HHS, and this CAP is incorporated by
reference into the Agreement as Appendix A. North Memorial enters into this CAP as part of the
consideration for the release in paragraph II.8 of the Agreement.
II. Contact Persons and Submissions
A. Contact Persons
North Memorial has identified the following individual as its authorized representative
and contact person regarding the implementation of this CAP and for receipt and submission of
notifications and reports:
Deb Contreras, RHIA
Director, Health Information Management
Privacy Officer
North Memorial Health Care
3300 Oakdale Ave N
Robbinsdale, MN 55422
Phone: 763-581-4437
Deb.Contreras@NorthMemorial.com
HHS has identified the following individual as its contact person with whom North
Memorial is to report information regarding the implementation of this CAP:
Celeste H. Davis
Regional Manager
Office for Civil Rights, Midwest Region
U.S. Department of Health and Human Services
233 N. Michigan Avenue; Suite 240
Chicago, Illinois 60601
6. 2
Celeste.Davis@hhs.gov
Telephone: 312-353-8101
Facsimile: 312-886-1807
North Memorial and HHS agree to promptly notify each other of any changes in the
contact persons or the other information provided above.
B. Proof of Submissions
Unless otherwise specified, all notifications and reports required by this CAP may be
made by any means, including certified mail, overnight mail, or hand delivery, provided that
there is proof that such notification was received. For purposes of this requirement, internal
facsimile confirmation sheets do not constitute proof of receipt.
III. Effective Date and Term of CAP
The Effective Date for this CAP shall be calculated in accordance with paragraph 14 of
the Agreement (“Effective Date”). The period for compliance (“Compliance Term”) with the
obligations assumed by North Memorial under this CAP shall begin on the Effective Date of this
CAP and end two (2) years from the date HHS approves the last of the policies and procedures,
risk analysis, and risk management plan required under section V of this CAP, unless HHS has
notified North Memorial under section VIII hereof of its determination that North Memorial has
breached this CAP. In the event of such a notification by HHS under section VIII hereof, the
Compliance Term shall not end until HHS notifies North Memorial that it has determined that
the breach has been cured. After the Compliance Term ends, North Memorial shall still be
obligated to submit the final Annual Report as required by section VI and comply with the
document retention requirement in section VII of this CAP.
IV. Time
In computing any period of time prescribed or allowed by this CAP, all days referred to
shall be calendar days. The day of the act, event, or default from which the designated period of
time begins to run shall not be included. The last day of the period so computed shall be
included, unless it is a Saturday, a Sunday, or a legal holiday, in which event the period runs
until the end of the next day that is not one of the aforementioned days.
V. Corrective Action Obligations
North Memorial agrees to the following:
A. Develop Policies and Procedures Related to Business Associate Relationships
1. North Memorial shall develop policies and procedures that: (a) designate
one or more individual(s) who are responsible for ensuring that North
Memorial enters into a business associate agreement with each of its
business associates, as defined by the HIPAA Rules, prior to North
Memorial disclosing protected health information (PHI) to the business
associate; (b) create a process for assessing North Memorial’s current and
7. 3
future business relationships to determine whether each relationship is
with a business associate, as defined by the HIPAA Rules, and requires
North Memorial to enter into a business associate agreement; (c) create a
process for negotiating and entering into business associate agreements
with business associates prior to disclosing PHI to the business associates;
(d) create a process for maintaining documentation of a business associate
agreement for at least six (6) years beyond the date of when the business
associate relationship is terminated; and (e) limit disclosures of PHI to
business associates to the minimum necessary amount of PHI that is
reasonably necessary for business associates to perform their duties.
2. Within ninety (90) calendar days of the Effective Date, North Memorial
shall forward the policies and procedures required by section V.A.1 of this
CAP to HHS for HHS’ review and approval. HHS will inform North
Memorial in writing as to whether HHS approves or disapproves of the
proposed policies and procedures within a reasonable time. If HHS
disapproves of them, HHS shall provide North Memorial with comments
and required revisions within a reasonable time. Upon receiving any
required revisions to such policies and procedures from HHS, North
Memorial shall have sixty (60) calendar days in which to revise the
policies and procedures accordingly, and then submit the revised policies
and procedures to HHS for review and approval. This process shall
continue until HHS approves the policies and procedures.
3. Within sixty (60) calendar days of HHS’ approval of the policies and
procedures required by section V.A.1 of this CAP, North Memorial
shall finalize and officially adopt the policies and procedures, in
accordance with its applicable administrative procedures.
B. Modify Existing Risk Analysis Process
1. Within one hundred eighty (180) calendar days of the Effective Date,
North Memorial shall complete an updated, comprehensive, and thorough
risk analysis of security risks and vulnerabilities that incorporates all
electronic equipment, data systems, and applications controlled,
administered, or owned by North Memorial, its workforce members, and
affiliated staff that contains, stores, transmits, or receives electronic PHI
(ePHI). North Memorial shall develop a complete inventory of all
electronic equipment, data systems, and applications that contain or store
ePHI, which will be incorporated in its risk analysis. The risk analysis
shall be forwarded to HHS for its review and approval consistent with
section V.C.2 of this CAP.
C. Develop and Implement a Risk Management Plan
1. North Memorial shall develop an organization-wide risk management plan
to address and mitigate any security risks and vulnerabilities identified in
8. 4
the risk analysis and, if necessary, revise its policies and procedures
accordingly. The risk management plan and any revised policies and
procedures shall be forwarded to HHS for its review and approval
consistent with section V.C.2 of this CAP.
2. Within ninety (90) calendar days of the completion of the risk analysis
required by section V.B.1 of this CAP, North Memorial shall forward the
risk analysis and the risk management plan and any revised policies and
procedures required by section V.C.1 of this CAP to HHS for its review
and approval. HHS will inform North Memorial in writing as to whether
HHS approves or disapproves of the proposed risk analysis, risk
management plan, or any policies and procedures within a reasonable
time. If HHS disapproves of them, HHS shall provide North Memorial
with comments and required revisions within a reasonable time. Upon
receiving any required revisions to the risk analysis, risk management
plan, or any policies and procedures from HHS, North Memorial shall
have sixty (60) calendar days in which to revise the documents, and then
submit the revised documents to HHS for review and approval. This
process shall continue until HHS approves the risk analysis, risk
management plan, and any policies and procedures.
3. Within sixty (60) calendar days of HHS’ approval of the risk management
plan and any revised policies and procedures required by section V.C.1 of
this CAP, North Memorial shall finalize and officially adopt the risk
management plan and any revised policies and procedures, in accordance
with its applicable administrative procedures. North Memorial shall
immediately thereafter begin implementation of the risk management plan
and shall distribute the plan and any revised policies and procedures to all
workforce members who are involved in the plan’s implementation.
D. Training
1. Within sixty (60) days of HHS’ approval of the policies and procedures
required by section V.A.1 of this CAP regarding business associates,
North Memorial shall forward its proposed training materials on the
policies and procedures to HHS for its review and approval.
2. Within thirty (30) days of HHS’ approval of any revised policies and
procedures required by section V.C.1 of this CAP regarding risk
management, North Memorial shall forward its proposed training
materials on the revised policies and procedures to HHS for its review and
approval.
3. HHS will inform North Memorial in writing as to whether HHS approves
or disapproves of the proposed training materials within a reasonable time.
If HHS disapproves of them, HHS shall provide North Memorial with
9. 5
comments and required revisions within a reasonable time. Upon receiving
any required revisions to the training materials from HHS, North
Memorial shall have sixty (60) calendar days in which to revise the
training materials, and then submit the revised training materials to HHS
for review and approval.
4. Within ninety (90) days of HHS’ approval of the training materials, North
Memorial shall provide training to all appropriate workforce members, in
accordance with North Memorial’s applicable administrative procedures
for training.
5. After providing the training required by section V.D.4 of this CAP, North
Memorial shall provide annual retraining on the training materials OCR
approved under this CAP to all appropriate workforce members for the
duration of the Compliance Term of this CAP.
6. Each workforce member who is required to receive training shall certify,
in electronic or written form, that he or she received the training. The
training certification shall specify the date on which the training was
received. All training materials shall be retained in compliance with
section VII of this CAP.
VI. Reportable Events and Annual Reports
A. Reportable Events
1. During the Compliance Term, North Memorial shall, upon receiving
information that a workforce member may have failed to comply with any
provision of the policies and procedures required by section V.A.1 or
section V.C.1 of this CAP, promptly investigate the matter. If North
Memorial determines that a workforce member has violated the policies
and procedures required by section V.A.1 or section V.C.1 of this CAP,
North Memorial shall notify HHS in writing within thirty (30) days. Such
violations shall be known as “Reportable Events.” The report to HHS shall
include the following:
a. A complete description of the event, including relevant facts, the
persons involved, and the implicated provision(s) of North
Memorial’s policies and procedures; and
b. A description of actions taken and any further steps North
Memorial plans to take to address the matter, to mitigate the harm,
and to prevent it from recurring, including the application of
appropriate sanctions against workforce members who failed to
comply with its policies and procedures.
10. 6
2. If no Reportable Events occur during any one Reporting Period, as defined
in section VI.B.1 of this CAP, North Memorial shall so inform HHS in its
Annual Report for that Reporting Period.
B. Annual Reports
1. The one-year period after HHS’ last approval of the policies and
procedures, risk analysis, and risk management plan required under
section V of this CAP, and each subsequent one-year period during the
Compliance Term, as defined in section III of this CAP, shall each be
known as a “Reporting Period.” North Memorial shall submit to HHS a
report with respect to the status of and findings regarding North
Memorial’s compliance with this CAP for each Reporting Period
(“Annual Report”). North Memorial shall submit each Annual Report to
HHS no later than thirty (30) days after the end of each corresponding
Reporting Period. Each Annual Report shall include:
a. An attestation signed by an officer of North Memorial attesting
that the policies and procedures and risk management plan
required by section V of this CAP: (a) have been adopted; (b) are
being implemented; and (c) have been distributed to all appropriate
workforce members;
b. A copy of all training materials used for the training required by
section V of this CAP, a description of the training, including a
summary of the topics covered, the length of the training session(s)
conducted and a schedule of when the training session(s) were
held;
c. A summary of Reportable Events (defined in section VI.A.1 of this
CAP) identified during the Reporting Period and the status of any
corrective or preventative action(s) taken by North Memorial
relating to each Reportable Event;
d. An attestation signed by an officer of North Memorial attesting
that it has obtained and is maintaining written or electronic
certifications from all workforce members that are required to
receive training that they received the requisite training pursuant to
the requirements set forth in this CAP;
e. An attestation signed by an officer of North Memorial listing all of
North Memorial’s locations, the name under which each location is
doing business, the corresponding mailing address, phone number
and fax number for each location, and attesting that each location
has complied with the obligations of this CAP; and
f. An attestation signed by an officer of North Memorial stating that
he or she has reviewed the Annual Report, has made a reasonable
11. 7
inquiry regarding its content, and believes that, upon such inquiry,
the information is accurate and truthful.
VII. Document Retention
North Memorial shall maintain for inspection and copying, and shall provide to OCR
upon request, all documents and records relating to compliance with this CAP for six (6) years
from the Effective Date.
VIII. Requests for Extensions and Breach Provisions
North Memorial is expected to fully and timely comply with all provisions contained in
this CAP.
A. Timely Written Requests for Extensions. North Memorial may, in advance of any
due date in this CAP, submit a timely written request for an extension of time to perform any act
or file any notification or report required by this CAP. A “timely written request” is defined as a
request in writing received by HHS at least five (5) business days prior to the date by which any
act is due to be performed.
B. Notice of Breach and Intent to Impose CMP. The Parties agree that a breach of
this CAP by North Memorial constitutes a breach of the Agreement. Upon a determination by
HHS that North Memorial has breached this CAP, HHS may notify North Memorial of: (1)
North Memorial’s breach and (2) HHS’ intent to impose a civil monetary penalty (CMP),
pursuant to 45 C.F.R. Part 160, for the Covered Conduct in paragraph I.2 of the Agreement and
for any other conduct that constitutes a violation of the HIPAA Rules (“Notice of Breach and
Intent to Impose CMP”).
C. North Memorial’s Response. North Memorial shall have thirty (30) days from the
date of receipt of the Notice of Breach and Intent to Impose CMP to demonstrate to HHS’
satisfaction that:
1. North Memorial is in compliance with the obligations of this CAP that
HHS cited as the basis for the breach;
2. The alleged breach has been cured; or
3. The alleged breach cannot be cured within the 30-day period, but that: (a)
North Memorial has begun to take action to cure the breach; (b) North
Memorial is pursuing such action with due diligence; and (c) North
Memorial has provided to HHS a reasonable timetable for curing the
breach.
D. Imposition of CMP. If at the conclusion of the 30-day period, North Memorial
fails to meet the requirements of section VIII.C of this CAP to HHS’ satisfaction, HHS may
proceed with the imposition of a CMP against North Memorial pursuant to 45 C.F.R. Part 160
for any violations of the HIPAA Rules related to the Covered Conduct in paragraph I.2 of the
Agreement and for any other act or failure to act that constitutes a violation of the HIPAA Rules.
12. 8
HHS shall notify North Memorial in writing of its determination to proceed with the imposition
of a CMP.
For North Memorial Health Care
/s/
J. Kevin Croston, M.D.
Chief Executive Officer
North Memorial Health Care
Date
For the United States Department of Health and Human Services
/s/
Celeste H. Davis
Regional Manager
Office for Civil Rights, Midwest Region
Date