August 18, 2019

August 16, 2019

Subscribe to Latest Legal News and Analysis

August 15, 2019

Subscribe to Latest Legal News and Analysis

HIPAA Settlement Follows Unsecured Paper Records Disposal

A small Denver pharmacy agreed to a $125,000 settlement with the U.S. Department of Health and Human Services (HHS) after HHS alleged that the pharmacy failed to dispose of paper records that contained patient information in accordance with HIPAA.

According to the Resolution Agreement, the HHS Office for Civil Rights (OCR) received a report from a local news station that the pharmacy disposed of paper records with protected health information (PHI) in a dumpster that was accessible to the public.  The Resolution Agreement also alleges that the pharmacy failed to implement written policies and procedures to comply with HIPAA, nor did the pharmacy train its workforce as to proper HIPAA protocols and procedures for handling of PHI.

The settlement illustrates the need for covered entities and business associates to ensure that records and documents, both paper and electronic, are maintained and disposed of in a secure manner.  HIPAA requires covered entities and business associates to protect the privacy and security of PHI in any form, including by implementing reasonable physical, administrative, and technical safeguards.  In a Frequently Asked Questions document about disposal of information, HHS notes that, while HIPAA does not mandate any particular method of disposal, “covered entities are not permitted to simply abandon PHI or dispose of it in dumpsters or other containers that are accessible by the public or other unauthorized persons.”

Furthermore, the settlement should remind covered entities and business associates of all sizes of the importance of implementing proper written policies and workforce training in compliance with HIPAA.

© 2019 Covington & Burling LLP


About this Author

Dena Feldman, healthcare attorney, Covington

Dena Feldman helps clients from across the health care industry navigate a range of complex regulatory and policy issues.

Ms. Feldman has particular expertise on health privacy issues arising under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Clinical and Economic Health (“HITECH”) Act, and state medical privacy laws. Ms. Feldman also regularly counsels clients on the federal rules and policies governing Medicare and Medicaid, including the new mandates of the Affordable Care Act.