Rhode Island Hospital to Pay $150K Fine for 2012 Data Breach | Healthcare Informatics Magazine | Health IT | Information Technology

Rhode Island Hospital to Pay $150K Fine for 2012 Data Breach

July 28, 2014
by Rajiv Leventhal

The Women & Infants Hospital of Rhode Island (WIH) has agreed to pay $150,000 to resolve allegations that it failed to protect the personal information and protected health information (PHI) of more than 12,000 patients in Massachusetts two years ago.

The consent judgment, approved by Suffolk Superior Court Judge Carol Ball, resulted from a data breach reported to the Attorney General’s (AG) Office in November 2012 that included patients’ names, dates of birth, Social Security numbers, dates of exams, physicians’ names, and ultrasound images. The ruling was announced by Massachusetts AG Martha Coakley last week.

In April 2012, WIH realized that it was missing 19 unencrypted back-up tapes from two of its prenatal diagnostic centers, one located in Providence, Rhode Island and the other located in New Bedford, Massachusetts. The back-up tapes contained the personal information and PHI of 12,127 Massachusetts residents.

In the summer of 2011, these back-up tapes were supposed to be sent to a central data center at WIH’s parent company, Care New England Health System, and then shipped off-site in order to transfer legacy radiology information to a new picture archiving and communications system. However, due to an inadequate inventory and tracking system, WIH allegedly did not discover the tapes were missing until the spring of 2012. Due to deficient employee training and internal policies, the breach was not properly reported under the breach notification statute to the AG’s Office and to consumers until the fall of 2012, according to AG Coakley.

“Personal information and protected health information must be properly safeguarded by hospitals and other healthcare entities,” AG Coakley said in a statement. “This data breach put thousands of Massachusetts consumers at risk, and it is the hospital’s responsibility to ensure that this type of event does not happen again.”

Under the terms of the settlement, WIH has agreed to take steps to ensure future compliance with state and federal data security laws and regulations, including maintaining an up-to-date inventory of the locations, custodians, and descriptions of unencrypted electronic media and paper patient charts containing personal information and protected health information. The hospital also agreed to perform a review and audit of security measures and to take any corrective measures recommended in the review.

According to the settlement, WIH will pay a $110,000 civil penalty, $25,000 for attorney’s fees and costs, and $15,000 to a fund to be used by the Attorney General’s Office to promote education concerning the protection of personal information and protected health information and a fund for future data security litigation.
