Digital News Report – The US Department of Health and Human Service (HHS) announced that Rite Aid Corporation along with 40 of their affiliated groups (RAC) agreed to pay $1 million to settle potential violations that may have occurred concerning not following the privacy HIPAA laws rules. RAC also signed an consent order with the Federal Trade Commission (FTC) for possible violations with the FTC Act.
Rite Aid will be taking actions to improve their privacy protection with their customers when they dispose of their information on pill bottle labels and with other information that they keep on file about customers health.
Rite Aid was investigated after several televised media reports showed their pharmacies disposing of prescriptions and labeled bill bottles that had peoples information on it into industrial trash containers. These trash containers were put out in a public place were anyone could possibly get the information. Disposing this personal health information in a trash container that could be accessible by unauthorized persons is a against the HIPAA Privacy Rule.
“It is critical that companies, large and small, build a culture of compliance to protect consumers’ right to privacy and safeguard health information. OCR is committed to strong enforcement of HIPAA,” said Georgina Verdugo, director of OCR. “We hope that this agreement will spur other health organizations to examine and improve their policies and procedures for protecting patient information during the disposal process.”
The HHS Resolution Agreement and Corrective Action Plan can be found on the OCR website at http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/index.html.
OCR has FAQs that address the HIPAA Privacy Rule requirements for disposal of protected health information. They can be found on the OCR website at http://www.hhs.gov/ocr/privacy/index.html.
By: Victoria Brown