- Sanctions for Lazy Disposal Require Drug Store Chain to Re-"Rite" its Data Security Policies and Procedures
- August 19, 2010
- Law Firm: Proskauer Rose LLP - Washington Office
Rite Aid has agreed to pay $1 million to resolve allegations that it violated the Health Insurance Portability and Accountability Act (“HIPAA”) by pitching pill bottles and prescription information into publicly accessible dumpsters near Rite Aid stores. According to the Department of Health and Human Services’ resolution agreement, released on July 27, Rite Aid must implement a three-year corrective action program, which includes the adoption of revised policies and procedures concerning the disposal of sensitive health-related information, employee training programs related to the revised policies and procedures, and penalties for employees who fail to comply with them.
The Rite Aid settlement marks the second time HHS and the FTC have joined forces for an investigation into alleged violations of individuals’ information privacy. The agencies began investigating Rite Aid after news media captured footage of employees at a number of pharmacies, not limited to Rite Aid, tossing sensitive medical information into insecure trash containers. According to HHS and the FTC, this practice demonstrated Rite Aid’s failure to implement, teach and enforce appropriate policies regarding the disposal of sensitive information.
So will [insert name of your pharmacy here] be the agencies’ next target? We hope not!