Mass. General shells out $1M to settle potential HIPAA violations

Clean Sweep Live Auction on Thur. Dec. 12th. Click to view the full inventory

Mass. General shells out $1M to settle potential HIPAA violations

Olga Deshchenko, DOTmed News Reporter | February 25, 2011
The U.S. Department of Health and Human Services said Friday that Massachusetts General Hospital in Boston will pay the government $1 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 Privacy Rule.

The General Hospital Corporation and Massachusetts General Physicians Organization Inc. also signed a Resolution Agreement with the department that requires it to develop a set of policies and procedures to protect its patients' privacy, HHS said. The settlement is a result of an HHS Office for Civil Rights investigation, an entity that enforces the law's privacy rules.

After a patient whose personal health information was lost on March 9, 2009 filed a complaint, OCR opened an investigation into a Mass General Infectious Disease Associates outpatient practice. According to HHS, one of the facility's employees left documents containing PHI of 192 patients, including patients with HIV/AIDS, on the train while commuting to work. The records weren't recovered.

THE (LEADER) IN MEDICAL IMAGING TECHNOLOGY SINCE 1982. SALES-SERVICE-REPAIR

Special-Pricing Available on Medical Displays, Patient Monitors, Recorders, Printers, Media, Ultrasound Machines, and Cameras.This includes Top Brands such as SONY, BARCO, NDS, NEC, LG, EDAN, EIZO, ELO, FSN, PANASONIC, MITSUBISHI, OLYMPUS, & WIDE.

The information included names, medical record numbers, dates of birth, health insurer and policy numbers, diagnosis and names of providers for 66 of the patients, the agency said.

OCR's investigation found that "Mass General failed to implement reasonable, appropriate safeguards to protect the privacy of PHI when removed from Mass General's premises and impermissibly disclosed PHI potentially violating provisions of the HIPAA Privacy Rule," according to HHS.

"We hope the health care industry will take a close look at this agreement and recognize that OCR is serious about HIPAA enforcement. It is a covered entity's responsibility to protect its patients' health information," Georgina Verdugo, director of OCR, said in prepared remarks.

You Must Be Logged In To Post A Comment