Rhode Island Hospital Reaches Settlement with Massachusetts AG to Resolve Data Security Allegations

more+
less-

Last week, Women & Infants Hospital of Rhode Island (“W&I”) reached a settlement with the Massachusetts Attorney General to resolve allegations that W&I failed to adequately protect personal data stored on unencrypted backup tapes, violating both state and federal data security laws.  W&I has agreed to enhance its data security compliance program and to pay a total of $150,000.

In 2011, W&I sent 19 unencrypted backup tapes to its Prenatal Diagnostics Centers located in both Rhode Island and Massachusetts.  W&I did not realize that these tapes were missing until fall 2012, at which time W&I reported the issue to the Massachusetts Attorney General.  The backup tapes included Social Security numbers, physicians’ names, ultrasound images, and other information of 12,127 Massachusetts residents.

To improve its compliance program, W&I has agreed to maintain an up-to-date inventory of all locations, custodians, and descriptions of unencrypted electronic media and paper patient charts containing personal information.  W&I has also agreed to audit its security measures and take appropriate corrective action, and the process is already underway.  Soon after news of the settlement broke, W&I released a statement that it had already begun “a number of corrective actions” including reviewing policies and procedures, conducting additional training, and improving backup tape receipt and storage practices.  Additionally, W&I will pay a fine of $150,000: $110,000 in a civil penalty; $25,000 towards attorneys’ fees and costs; and $15,000 towards two funds – one for future data security litigation, and the other to promote education on protecting personal information.

The settlement with W&I marks the latest installment of a state Attorney General enforcing data security laws.  Entities that interact with personal data, including but not limited to protected health information, should be aware of their responsibilities to and the enforcement powers of state officials in addition to federal authorities. 


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Cooley LLP | Attorney Advertising

Written by:

more+
less-

Cooley LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×
Loading...
×
×