Smile for Facebook!

By Dissent, July 28, 2010 7:39 am

Courthouse News reports:

Ambulance workers snapped a picture of a patient riding in the back of an ambulance and posted the photo on Facebook, the patient claims in St. Joseph Circuit Court in Indiana.

A copy of the complaint can be found here.

Rite Aid Agrees to Pay $1 Million to Settle HIPAA Privacy Case

By Dissent, July 27, 2010 2:16 pm

See the companion press release from the FTC in a previous post.

Rite Aid Corporation and its 40 affiliated entities (RAC) have agreed to pay $1 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule, the U.S. Department of Health and Human Services (HHS) announced today. In a coordinated action, RAC also signed a consent order with the Federal Trade Commission (FTC) to settle potential violations of the FTC Act.

Rite Aid, one of the nation’s largest drug store chains, has also agreed to take corrective action to improve policies and procedures to safeguard the privacy of its customers when disposing of identifying information on pill bottle labels and other health information. The settlements apply to all of Rite Aid’s nearly 4,800 retail pharmacies and follow an extensive joint investigation by the HHS Office for Civil Rights (OCR) and the FTC.

The OCR, which enforces the HIPAA Privacy and Security Rules, opened its investigation of RAC after television media videotaped incidents in which pharmacies were shown to have disposed of prescriptions and labeled pill bottles containing individuals’ identifiable information in industrial trash containers that were accessible to the public. These incidents were reported as occurring in a variety of cities across the United States. Rite Aid pharmacy stores in several of the cities were highlighted in media reports.

Rite Aid Settles FTC Charges That It Failed to Protect Medical and Financial Privacy of Customers and Employees

By Dissent, July 27, 2010 2:08 pm

The following is the FTC’s press release. In the next post, I’ll publish HHS’s press release on their settlement with Rite Aid.

Rite Aid Corporation has agreed to settle Federal Trade Commission charges that it failed to protect the sensitive financial and medical information of its customers and employees, in violation of federal law. In a separate but related action, the company’s pharmacy chain also has agreed to pay $1 million to resolve Department of Health and Human Services allegations that it failed to protect customers’ sensitive health information.

“Companies that say they will protect personal information shouldn’t be tossing patient prescriptions and employment applications in an open dumpster,” said Jon Leibowitz, Chairman of the Federal Trade Commission. “We hope other organizations will learn from the FTC’s action against Rite Aid to take their obligation to protect consumers’ personal information seriously.”

Rite Aid operates the third largest pharmacy chain in the United States, with about 4,900 retail pharmacies and an online pharmacy business.

The FTC began its investigation following news reports about Rite Aid pharmacies using open dumpsters to discard trash that contained consumers’ personal information such as pharmacy labels and job applications. At the same time, HHS began investigating the pharmacies’ disposal of health information protected by the Health Insurance Portability and Accountability Act (HIPAA). This is the second case in which the FTC and HHS coordinated their investigations and settlements. The agencies resolved similar allegations with CVS Caremark in February 2009.

Estranged from family, doctor snoops in records

By Dissent, July 27, 2010 11:39 am

Lora Pabst of the Star Tribune reported this a few weeks ago:

As his 22-year marriage was falling apart, Dr. Mark Schleiss was desperate for information about his estranged family. Court records show that his wife, Collett, wouldn’t return his phone calls. His oldest daughter refused to see him before she moved to Oregon for college. He couldn’t even find out why his teenage son was seeing a physical therapist.

Locked out of his home and ignored by his loved ones, Schleiss, a prominent University of Minnesota researcher, took matters into his own hands. He used his position at the university to peek into the medical records of his wife and two teenage daughters a dozen times in 2008 and 2009, university and other records show.

The state Board of Medical Practice investigated but did not discipline Schleiss, who heads the university’s pediatric infectious diseases division. Federal regulators are investigating to see if privacy laws were violated, according to e-mails sent to Collett Schleiss.

His wife says that after a while, she had become suspicious that he was actually obtaining information on them and that

Her suspicions were confirmed in June 2009, when she got letters notifying her of the privacy breaches from the university and Fairview Health Services, where family members were treated.

Four months later, Collett was told that Mark’s access to medical records would be monitored for six months by the University of Minnesota Physicians, a group of faculty members who practice at various locations. In an e-mail, the group’s compliance officer said Mark Schleiss had been disciplined for his “inappropriate access of medical records,” but provided no details.

Read more on the Star Tribune.

If the allegations are true, do you think he should have been fired?

The plot thickens….

By Dissent, July 27, 2010 8:40 am

Steve Adams reports:

A Pennsylvania company hired by South Shore Hospital to dispose of patient records outsourced the work to a second company, contributing to delays announcing the disappearance of 800,000 patients’ files.

Phoenixville, Pa.-based Archive Data Solutions was notified in early May by the outside vendor that 800,000 individuals’ records removed from the hospital on Feb. 26 were lost, spokeswoman Jill Fallon said Monday. Fallon declined to name the other vendor.

Read more in the Patriot Ledger.

Why do these firms continue to try to protect the identities of those who have been involved in breaches? This all usually becomes a matter of public record anyway and it makes them look like they care more about the reputation of their business partners than they do the individuals whose lives have been affected.