If you are one of the thousands of HIPAA professionals who struggle every day to make their colleagues understand why all the finicky (and let’s face it sometimes downright annoying) HIPAA rules have to be followed to the letter here is yet another cautionary tale you can now use to back your arguments up.
On Tuesday July 27th, 2010 it was announced that drugstore giant Rite Aid had agreed to a $1 million settlement to atone for their HIPAA transgressions. The settlements apply to all of Rite Aid’s nearly 4,800 retail pharmacies and follow an extensive joint investigation by the HHS Office for Civil Rights (OCR) and the FTC.
The problems began for Rite Aid and its 40 affiliated entities – collectively known as RAC – when the television news media began producing video footage of various RAC employees in several cities across the country disposing of prescription bottles containing individuals’ identifiable information in industrial dumpsters that were accessible by the public – a huge HIPAA violation that one would have assumed a giant corporation would have known better than to ever risk.
In addition to the fines Rite Aid has had to forge agreements with both the OCR (Office for Civil Rights) and the FTC (Federal Trade Commission) who conducted the joint investigation as to the steps they have to take to ensure that such violations never occur again.
You can read the full press statement announcing the settlement here