Rite Aid Pays $1 Million HIPAA Privacy Settlement As OCR Tightens HIPAA Regulations

Drug store chain Rite Aid Corporation and its 40 affiliated entities (Rite Aid) will pay $1 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule.  Although targeting a health care provider, employers, health plan sponsors, administrators, and service providers should recognise the the Rite Aid settlement as a strong reminder of the importance of reviewing and tightening their own human resources, employee benefits, adn other policies and processes to better safeguard protected health information, personal financial information and other sensitve data.   

The U.S. Department of Health and Human Services (HHS) Office of Civil Rights announcement of the HIPAA resolution agreement with Rite Aid and the concurrent negotiation of a separate consent order of potential FTC Act violations between Rite Aid and the Federal Trade Commission (FTC) follows HHS’ announcement of proposed changes to its HIPAA Privacy Rules and associated penalties in response to changes enacted under the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act).  The Rite Aid settlement and the proposed Privacy Rule changes illustrate the growing penalty risks that health plans, health care providers, healthcare clearinghouses and their business associates (Covered Entities) face for violating the Privacy Rules.  Read more details.

Additionally, the Rite Aid decision also serves as a reminder to employers, health plans and their administrators, insurers and finance and finance departments to tighten their controls over the use, access and disposal of sensitive information.  A walk through of almost most employee benefit, human resources and finance department typically reveals that at any given time a wide range of personal health and other sensitve information is handled and disposed of in a manner that leaves it open to improper or unnecessary use or disclosure.  Additionally, while situations like those in Rite Aid and CVS draw big press, Secret Service, FBI, DOL and other statistics show that most wrongful access and damage comes from the improper use of access of information gained through credentials as an employee, contractor or customer.  Rite Aid, CVS, and other HIPAA, FTC and personal identity breach statistics, settlements and judgments are a reminder to all of the advisability of cleaning up their policies and controls to better protect this data. 

For Assistance or More Information

If your organization needs assistance updating or defending your privacy, data security or other health plan design, documentation policies or procedures in response to these or other requirements or with other employee benefit, insurance or human resources matters, please contact the author of this update, Board Certified Labor & Employment attorney Cynthia Marcotte Stamer at (469) 767-8872 or via e-mail here.

Current Chair of the American Bar Association (ABA) RPTE Employee Benefit & Other Compensation Group, a Council Member of the ABA Joint Committee on Employee Benefits and Past Chair of the ABA Health Law Section Managed Care & Insurance  Interest Group, Stamer continuously advises employers, health and other employee benefit plans, plan sponsors, fiduciaries, plan administrators, plan vendors, insurers and others about health program related legal, operational, documentation, public policy, enforcement, privacy, technology, litigation and risk management and other concerns. Ms. Stamer also publishes, conducts client and other training, speaks and consults extensively on these and other health and managed care program concerns and practices. She regularly speaks and conducts training for the ABA, American Health Lawyers Association, Institute of Internal Auditors, Society for Professional Benefits Administrators, Southwest Benefits Association and many other organizations.  Her extensive publications include numerous highly regarding works on HIPAA and other health plan matters published by the Bureau of National Affairs, the ABA, and others.  Her insights on these and related topics have appeared in Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, Managed Healthcare, Health Leaders, various ABA publications and a many other national and local publications.  To contact Ms. Stamer or for additional information about Ms. Stamer, her experience, involvements, programs or Publishers of her many highly regarded writings on health industry and human resources matters include the Bureau of National Affairs, Aspen Publishers, ABA, AHLA, Aspen Publishers, Schneider Publications, Spencer Publications, World At Work, SHRM, HCCA, State Bar of Texas, Business Insurance, James Publishing and many others.  You can review other highlights of Ms. Stamer’s experience here

Other Resources

If you found this information of interest, you also may be interested in reviewing other recent Solutions Law Press updates including:

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources available for review here. If you or someone else you know would like to receive future updates and notices about other upcoming Solutions Law Press events, please be sure that we have your current contact information – including your preferred e-mail- by creating or updating your profile at here. For important information concerning this communication click here.

©2010 Solutions Law Press. All rights reserved.

Comments are closed.

%d bloggers like this: