The federal government has made clear that it is serious about enforcing the HIPAA Privacy and Security Rules. Before HITECH’s data breach notification requirements were in place and being enforced, a Massachusetts General Hospital employee took documents containing protected health information (“PHI”) from her bag and placed them on the seat beside her while commuting on the subway. The documents were left on the subway and never recovered. Unfortunately, the documents included PHI of 192 patients who had been treated in the hospital’s infectious disease practice, including HIV/AIDS patients.
“To avoid enforcement penalties, covered entities must ensure they are always in compliance with the HIPAA Privacy and Security Rules,” HHS Office of Civil Rights Director Georgina Verdugo said in a statement. “A robust compliance program includes employee training, vigilant implementation of policies and procedures, regular internal audits, and a prompt action plan to respond to incidents.”
The settlement stems from a 2009 complaint from a patient whose personal health information was lost.
Source: Donnelly, Julie M. Boston Business Journal. 24 Feb. 2011.
© 2011 Parsonage Vandenack Williams LLC