Enacted in 2009, the Health Information Technology for Economic and Clinical Health (HITECH) Act increased the maximum penalty for HIPAA violations to $2.25 million, as illustrated by these notable cases.


moneyRite Aid and its affiliates

$1 million settlement after media recorded incidents of pharmacies disposing of prescriptions and labeled pill bottles that contained individuals’ identifiable information in public trash receptacles

Massachusetts General Hospital

$1 million settlement after a Massachusetts General Hospital employee left documents containing patients’ protected health information on a subway train


$2.25 million settlement after the drugstore chain disposed of patient information in unsecured trash containers that were accessible to the public


Beyond the financial penalties, there are the following civil and criminal penalties for HIPAA violations: civil action, brand equity erosion, customer attrition, and even imprisonment.  HITECH also expanded who must comply with HIPAA. Prior to HITECH only covered entities like hospitals, doctors, and insurance providers were required to comply with HIPPA; with the enactment of HITECH, most recipients of protected health information (PHI) from covered entities are also covered, including Business Associates. Click here to read more.


 Click Here  Dexcomm eBooks and articles on preventing HIPAA violations.


Works Cited:

"News Release." CVS Pays $2.25 Million and Toughens Practices to Settle HIPAA Privacy Case. U.S. Department of Health & Human Services, 18 Feb. 2009. Web. 23 July 2012. http://www.hhs.gov/news/press/2009pres/02/20090218a.html.

"News Release." Massachusetts General Hospital Settles Potential HIPAA Violations. U.S. Department of Health & Human Services, 24 Feb. 2011. Web. 23 July 2012. http://www.hhs.gov/news/press/2011pres/02/20110224b.html.

"News Release." Rite Aid Agrees to Pay $1 Million to Settle HIPAA Privacy Case. Http://www.hhs.gov/news/press/2010pres/07/20100727a.html, 27 July 2010. Web. 23 July 2012. http://www.hhs.gov/news/press/2010pres/07/20100727a.html.




Dexcomm is a Louisiana-based corporation that provides answering services to businesses and service agencies across the United States. We have been open since 1954, employ a staff of roughly 50 people, and our average client retention rate is 10+ years.

Connect With Us:





Read More About The Author: Dexcomm