Massachusetts General Hospital's loss of the PHI of 192 patients gives rise to $1 million HIPAA settlement

The settlement of the potential violations of HIPAA arose after a Mass General employee, while commuting to work, left his briefcase containing patient schedules containing patient names and medical record numbers as well as billing encounter forms that provided the patient's name, date of birth, medical record number, health insurance and policy numbers, diagnosis, and name of providers for 66 of the 192 patients, some of which were HIV/AIDS patients.

The U.S. Department of Health and Human Services, Office of Civil Rights' investigation indicated that Mass General failed to implement reasonable and appropriate safeguards to protect the privacy of PHI that had been removed from Mass General's premises and impermissibly disclosed PHI potentially violating provisions of HIPAA's Privacy Rule.

Mass General also agreed to enter into a Corrective Action Plan as part of its Settlement.


Back to News & Trends