Thursday, February 21, 2013

$750K to Settle Patient Data Breach Allegations

A Massachusetts hospital agreed to pay $750,000 to resolve allegations that it failed to protect the personal and confidential health information of more than 800,000 consumers, according to Attorney General Martha Coakley.

The investigation and settlement resulted from a data breach reported to the AG’s Office in July 2010 that included individuals’ names, Social Security numbers, financial account numbers, and medical diagnoses.

"Hospitals and other entities that handle personal and protected health information have an obligation to properly protect this sensitive data, whether it is in paper or electronic form." - AG Coakley, Attorney General, Massachusetts

The allegations against the hospital are based on both federal and state law violations, including failing to implement appropriate safeguards, policies, and procedures to protect consumers’ information, failing to have a Business Associate Agreement in place, and failing to properly train its workforce with respect to health data privacy.

According to the consent judgment, the hospital has agreed to take a variety of steps to ensure compliance with state and federal data security laws and regulations, including requirements regarding its contracts with business associates and third-party service providers engaged for data destruction purposes. The hospital also agreed to undergo a review and audit of its security measures and to report the results and corrective actions to the Attorney General.

Sources:
(a) South Shore Hospital to Pay $750,000 to Settle Data Breach Allegations - Massachusetts Attorney General's Office, 05/24/2012

Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.