Security Bytes

Jul 28 2010   6:54PM GMT

Rite Aid to pay $1 million in HIPAA settlement

Marcia Savage

Rite Aid, the third-largest pharmacy chain in the country, agreed to settle government charges that it failed to protect sensitive medical and financial information belonging to its customers and employees, the Federal Trade Commission announced Wednesday.

The case was a dual investigation by the FTC and the Department of Health and Human Services, spurred by news reports that pharmacy labels and job application forms were being thrown into open dumpsters at Rite Aid pharmacies, the FTC said.

According to the FTC, Rite Aid failed to appropriately dispose of personal information, adequately train employees, or have a reasonable process for discovering risks to personal data.

In its settlement agreement with the HHS over alleged HIPAA violations, Rite Aid will pay $1 million. The company must also establish procedures for disposing of protected health information, create a training program for handling of patient data, conduct internal monitoring and obtain an independent assessment of its compliance for three years.

In its settlement with the FTC, Rite Aid must establish a comprehensive information security program and obtain independent audits of its program for the next 20 years.

The settlement with Rite Aid is the second case in which the FTC and HHS coordinated their investigations. In February 2009, the agencies settled similar complaints against CVS Caremark.
