Another example of the consequences of neglecting to conduct annual security risk assessments and having the required Business Associate Agreements in place with your business associate vendors. This case resulted in a $500,000 monetary settlement as well as a 2-year corrective action plan (CAP) for potential violations of the HIPAA Security Rule. The link below is the official press release which contains further links to a signed copy of the settlement agreement, including the details of the CAP.