Mass General Fined $1 Million For Losing Patient Records
Following closely on the heels of its first Health Insurance Portability and Accountability Act (HIPAA) privacy rule fine, the Department of Health and Human Services (HHS) has doled out a $1 million fine against Massachusetts General Hospital for a data breach involving 192 patients being treated for infectious diseases.
HHS levied the fine on Mass General for a data breach involving the loss of documents containing the names and medical record numbers of 192 patients at the hospital’s Infectious Disease Associates practice, as well as billing forms that included names, dates of birth, medical record numbers, health insurers and policy numbers, diagnosis, and provider names for 66 of those patients. The practice treats patients with HIV/AIDS, as well as other infectious diseases.
According to HHS, the documents, which were not recovered, were left by a Mass General employee on the subway on March 9, 2009.
The HIPAA privacy rule requires health care providers to protect the privacy of patient information through administrative, physical and technical safeguards, HHS said.

