IT | Security

$1 Million HIPAA Violation Fine for RiteAid

By: Absolute Team | 9/1/2010

Earlier this summer, the Connecticut Attorney General Richard Blumenthal filed and settled the first HIPAA-related lawsuit. Following suit in other HIPAA news, pharmacy chain Rite Aid has now been levied with a $1 million fine for violations to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule.

According to federal charges, Rite Aid improperly disposed of prescription information. The Office for Civil Rights (OCR), which enforces HIPAA, has come to an agreement with Rite Aid and its 40 affiliated entities for the $1 million fine and for Rite Aid to take corrective action to improve its privacy policies and procedures.

“It is critical that companies, large and small, build a culture of compliance to protect consumers' right to privacy and safeguard health information,” said Georgina Verdugo, director of OCR, in a statement from the the Department of Health and Human Services.

In addition, the Federal Trade Commission has demanded that the company undergo frequent security audits.

This is the second settlement as a result of a joint HHS and FTC investigation. The two agencies worked together on a similar case involving CVS Caremark in February 2009, which resulted in a $2.25 million fine for the pharmacy chain.

Via SC Magazine