About four years ago, an Indianapolis TV news station found that Rite Aid – and other pharmacies around the country – were dumping patient information in public trash bins. Based on this report, the Dept. of Health and Human Services Office of Civil Rights (OCR) opened an investigation of Rite Aid, and yesterday announced that it has reached a million dollar settlement with the drug store giant. OCR collaborated with the Federal Trade Commission (FTC) on the investigation.
The Health Insurance Portability & Accountability Act (HIPAA) requires covered entities (like hospitals, pharmacies, doctors’ offices) to protect the privacy of patient information with “reasonable” physical, technical and administrative safeguards. This includes the disposal of records and documents containing patient information. Privacy experts agree: tossing sensitive data in public trash without encryption, shredding – or really any method of protecting the data from even your average dumpster diver – doesn’t quite measure up to “reasonable.” Not even close.
Read more »