Rhode Island Hospital to Pay $150K Fine for 2012 Data Breach | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Rhode Island Hospital to Pay $150K Fine for 2012 Data Breach

July 28, 2014
by Rajiv Leventhal
| Reprints

The Women & Infants Hospital of Rhode Island (WIH) has agreed to pay $150,000 to resolve allegations that it failed to protect the personal information and protected health information (PHI) of more than 12,000 patients in Massachusetts two years ago.

The consent judgment, approved by Suffolk Superior Court Judge Carol Ball, resulted from a data breach reported to the Attorney General’s (AG) Office in November 2012 that included patients’ names, dates of birth, Social Security numbers, dates of exams, physicians’ names, and ultrasound images. The ruling was announced by Massachusetts AG Martha Coakley last week.

In April 2012, WIH realized that it was missing 19 unencrypted back-up tapes from two of its prenatal diagnostic centers, one located in Providence, Rhode Island and the other located in New Bedford, Massachusetts.  The back-up tapes contained the personal information and PHI of 12,127 Massachusetts residents.

In the summer of 2011, these back-up tapes were supposed to be sent to a central data center at WIH’s parent company, Care New England Health System, and then shipped off-site in order to transfer legacy radiology information to a new picture archiving and communications system.  However, due to an inadequate inventory and tracking system, WIH allegedly did not discover the tapes were missing until the spring of 2012. Due to deficient employee training and internal policies, the breach was not properly reported under the breach notification statute to the AG’s Office and to consumers until the fall of 2012, according to AG Coakley.

“Personal information and protected health information must be properly safeguarded by hospitals and other healthcare entities,” AG Coakley said in a statement.  “This data breach put thousands of Massachusetts consumers at risk, and it is the hospital’s responsibility to ensure that this type of event does not happen again.”

Under the terms of the settlement, WIH has agreed to take steps to ensure future compliance with state and federal data security laws and regulations, including maintaining an up-to-date inventory of the locations, custodians, and descriptions of unencrypted electronic media and paper patient charts containing personal information and protected health information. The hospital also agreed to perform a review and audit of security measures and to take any corrective measures recommended in the review.

According to the settlement, WIH will pay a $110,000 civil penalty, $25,000 for attorney’s fees and costs, and a payment of $15,000 to a fund to be used by the Attorney General’s Office to promote education concerning the protection of personal information and protected health information and a fund for future data security litigation.

Topics

News

Former Michigan Governor to Serve as Chair of DRIVE Health

Former Michigan Governor John Engler will serve as chair of the DRIVE Health Initiative, a campaign aimed at accelerating the U.S. health system's transition to value-based care.

NJ Medical Group Launches Statewide HIE, OneHealth New Jersey

The Medical Society of New Jersey (MSNJ) recently launched OneHealth New Jersey, a statewide health information exchange (HIE) that is now live.

Survey: 70% of Providers Using Off-Premises Computing for Some Applications

A survey conducted by KLAS Research found that 70 percent of healthcare organizations have moved at least some applications or IT infrastructure off-premises.

AMIA Warns of Tax Bill’s Impact on Graduate School Programs in Informatics

Provisions in the Republican tax bill that would count graduate student tuition waivers as taxable income would have detrimental impacts on the viability of fields such as informatics, according to the American Medical Informatics Association.

Appalachia Project to Study Relationship Between Increased Broadband Access, Improved Cancer Care

The Federal Communications Commission and the National Cancer Institute have joined forces to focus on how increasing broadband access and adoption in rural areas can improve the lives of rural cancer patients.

Survey: By 2019, 60% of Medicare Revenues will be Tied to Risk

Medical groups and health systems that are members of AMGA (the American Medical Group Association) expect that nearly 60 percent of their revenues from Medicare will be from risk-based products by 2019, according to the results from a recent survey.