Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Massachusetts General Hospital settles 2009 breach with Office of Civil Rights

Posted in Data Breach, HIPAA/HITECH

The cost of data breaches keeps on rising.  Add another million to this week’s HIPAA charges.

Just released this afternoon – the Office of Civil Rights announced that it has reached a settlement with Massachusetts General Hospital relating to a 2009 loss of medical records when a billing manager who was carrying the records accidentally left them on a train.  The incident involved 192 patients of the hospital’s Infectious Disease Associates outpatient practice, including patients with HIV/AIDS. 

Today’s press release announced that the settlement includes a $1,000,000 payment and a resolution agreement, including a corrective action plan, under which Massachusetts General agrees to undertake measures to improve the privacy and security of patient medical records.

The Resolution Agreement and Corrective Action Plan can be reviewed here.