Dexcomm Blog

HIPAA Case Study: What’s in your Garbage?

August 09, 2012

TrashAs humans, we dispose of garbage on a regular basis with little thought.  Many organizations take precautions when disposing of private information by shredding or incinerating written and typed documents.  But information in less traditional formats can slip through the cracks of regulation and cost an organization millions of dollars in fines.

 

This was the case a few years ago when Rite Aid Corp (RAC) threw out pill bottle labels.  Television media exposed RAC with videotaped incidents of the pharmacies disposing of prescriptions and labeled pill bottles containing individuals’ identifiable information in industrial trash containers with public access.  This exposed the individuals’ information to the risk of identity theft and other crimes, as well as violated the Health Insurance Portability and Accountability Act (HIPAA) of 1996 Privacy Rule.

 

“It is critical that companies, large and small, build a culture of compliance to protect consumers’ right to privacy, and safeguard health information,” said Georgina Verdugo, director of the Office for Civil Rights (OCR).   “OCR is committed to strong enforcement of HIPAA.”

 

RAC and its 40 affiliated entities agreed to pay $1 million for violations of HIPAA. Surprisingly, this isn’t the first time an organization has been reprimanded for such an act.  The Federal Trade Commission (FTC) and the Office for Civil Rights, which enforces the HIPAA Privacy and Security Rules, settled a similar case involving another national drug store chain the previous year.

 

The HIPAA Privacy Rule requires health plans, health care clearinghouses and most health care providers to protect the privacy of patient information at all times.  In order to prevent violating HIPAA and losing the trust of clients, organizations should make the disposal of private information a priority.  

 

  • Implement and distribute adequate policies and procedures to appropriately safeguard patient information during disposal of protected health information.
  • Train workforce members on these new requirements
  • Conduct internal monitoring
  • Engage a qualified, independent third party assessor to conduct compliance reviews and render reports to the Department of Health and Human Services (HHS).

 

Trust is one of the most valuable assets of an organization.  So when disposing of a patient’s health information, ensure that it is in accordance with HIPAA.  Otherwise, you might throw your patient’s trust out with the garbage.

 

 

Sources:

http://www.hhs.gov/news/press/2010pres/07/20100727a.html

 

http://www.hhs.gov/ocr/privacy/index.html


Dexcomm is a Louisiana-based corporation that provides answering services to businesses and service agencies across the United States. We have been open since 1954, employ a staff of nearly 100 people, and our average client retention rate is 10+ years.

Connect With Us:

Twitter

Facebook

LinkedIn


 

Read More About The Author: Dexcomm

Want To Stay In The Know? Subscribe to our blog!

You can sign up to receive weekly or monthly copies of our latest blogs, keeping you current on best practices, tips, and expert insight into helping your business communicate at its very best.


why-use-an-answering-service-thumbWhen you do, we will send you our free infographic.

"Why Use an Answering Service?"

 

Subscribe Here!

Lists by Topic

see all