Massachusetts Hospital Settles Improper Record Disposal Accusations as OCR Makes Public Its State AG Training Materials
After two boxes of un-encrypted backup tapes were lost in shipment (and following a two-year investigation by the Attorney General of Massachusetts) South Shore Hospital (SSH) in Massachusetts has agreed to a settlement of $750,000 for failure to adequately safeguard patient health information under the Health Information Portability and Accountability Act (HIPAA) and state consumer protection laws. SSH's settlement, much like the federal Office of Civil Rights' (OCR's) “Resolution Agreements” also requires broad and ongoing compliance and thirdparty auditing activities likely to result in substantial additional costs. The state's action could be seen as emblematic of a new rise of state, rather than federal, enforcement action against both providers and their business associates. State attorneys general, thanks to changes made by the Health Information Technology for Economic and Clinical Health (HITECH) Act, are learning to wield newfound authority to bring lucrative civil actions based on violations of federal HIPAA requirements and state consumer protection and privacy laws.
Please see full alert below for more information.
Firefox recommends the PDF Plugin for Mac OS X for viewing PDF documents in your browser.
We can also show you Legal Updates using the Google Viewer; however, you will need to be logged into Google Docs to view them.
Please choose one of the above to proceed!
LOADING PDF: If there are any problems, click here to download the file.