The Boston Globe writes that the former owners of a medical billing practice that dumped sensitive health records at the Georgetown Transfer Station have agreed, along with doctors involved, to pay $140,000 in a settlement with the Massachusetts attorney general’s office.
A Globe photographer noticed the pile of paper records when he was tossing out his own trash in July 2010.
The pile consisted of records for more than 67,000 people, including names, addresses, Social Security numbers, pathology reports for people tested for various kinds of cancer, and other test results.
The photographer collected some of the documents, and the Globe contacted the hospitals that had contracted with the pathologists who had shared information with the billing company.
State and federal laws require health records to be disposed of in ways that destroy personal information, such as by shredding or incineration.
‘It is the obligation of all parties involved to ensure that sensitive information is disposed of properly.’
“Personal health information must be safeguarded as it passes from patients to doctors to medical billers and other third-party contractors,” Attorney General Martha Coakley said in a press release.
Read the whole story: 140$K penalty for data breach
The other defendants involved in this settlement are Dr. Kevin Dole, former President of Chestnut Pathology Services, P.C.; Milford Pathology Associates, P.C.; Milton Pathology Associates, P.C.; and Pioneer Valley Pathology Associates, P.C.
The AG’s Office alleges that these pathology groups violated HIPAA regulations by failing to have appropriate safeguards in place to protect the personal information they provided to Goldthwait Associates, and violated state data security regulations by not taking reasonable steps to select and retain a service provider that would maintain appropriate security measures to protect such confidential information.