MGH to pay $1m to settle privacy case
Massachusetts General Hospital has agreed to pay the federal government $1 million to settle potential violations of patient privacy laws, which occurred when an employee commuting to work lost patient records on the T’s Red Line two years ago.
The US Department of Health and Human Services announced the settlement yesterday, after an investigation by its Office for Civil Rights. Mass. General also agreed to train all employees and to develop a comprehensive policy and procedures to protect patient information when it is taken outside the hospital.
Health information for 192 patients in Mass General’s Infectious Disease Associates outpatient practice was lost in the incident, including that of patients with HIV/AIDS. The documents included a patient schedule containing names and patient medical record numbers, as well as billing forms containing the name, birth date, medical record number, health insurer and policy number, diagnosis, and name of providers for 66 of those patients.
In a statement , Deborah Adair, the hospital’s privacy officer, said, “We look forward to taking these steps to further our continuing efforts to protect the privacy and security of our patients’ health information.’’