Drug store chain Rite Aid Corporation and its 40 affiliated entities (Rite Aid) will pay $1 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule.  Although targeting a health care provider, employers, health plan sponsors, administrators, and service providers should recognise the the Rite Aid settlement as a strong reminder of the importance of reviewing and tightening their own human resources, employee benefits, adn other policies and processes to better safeguard protected health information, personal financial information and other sensitve data.   

The U.S. Department of Health and Human Services (HHS) Office of Civil Rights announcement of the HIPAA resolution agreement with Rite Aid and the concurrent negotiation of a separate consent order of potential FTC Act violations between Rite Aid and the Federal Trade Commission (FTC) follows HHS’ announcement of proposed changes to its HIPAA Privacy Rules and associated penalties in response to changes enacted under the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act).  The Rite Aid settlement and the proposed Privacy Rule changes illustrate the growing penalty risks that health plans, health care providers, healthcare clearinghouses and their business associates (Covered Entities) face for violating the Privacy Rules.  Read more details.

Additionally, the Rite Aid decision also serves as a reminder to employers, health plans and their administrators, insurers and finance and finance departments to tighten their controls over the use, access and disposal of sensitive information.  A walk through of almost most employee benefit, human resources and finance department typically reveals that at any given time a wide range of personal health and other sensitve information is handled and disposed of in a manner that leaves it open to improper or unnecessary use or disclosure.  Additionally, while situations like those in Rite Aid and CVS draw big press, Secret Service, FBI, DOL and other statistics show that most wrongful access and damage comes from the improper use of access of information gained through credentials as an employee, contractor or customer.  Rite Aid, CVS, and other HIPAA, FTC and personal identity breach statistics, settlements and judgments are a reminder to all of the advisability of cleaning up their policies and controls to better protect this data. 

For Assistance or More Information

If your organization needs assistance updating or defending your privacy, data security or other health plan design, documentation policies or procedures in response to these or other requirements or with other employee benefit, insurance or human resources matters, please contact the author of this update, Board Certified Labor & Employment attorney Cynthia Marcotte Stamer at (469) 767-8872 or via e-mail here.

Current Chair of the American Bar Association (ABA) RPTE Employee Benefit & Other Compensation Group, a Council Member of the ABA Joint Committee on Employee Benefits and Past Chair of the ABA Health Law Section Managed Care & Insurance  Interest Group, Stamer continuously advises employers, health and other employee benefit plans, plan sponsors, fiduciaries, plan administrators, plan vendors, insurers and others about health program related legal, operational, documentation, public policy, enforcement, privacy, technology, litigation and risk management and other concerns. Ms. Stamer also publishes, conducts client and other training, speaks and consults extensively on these and other health and managed care program concerns and practices. She regularly speaks and conducts training for the ABA, American Health Lawyers Association, Institute of Internal Auditors, Society for Professional Benefits Administrators, Southwest Benefits Association and many other organizations.  Her extensive publications include numerous highly regarding works on HIPAA and other health plan matters published by the Bureau of National Affairs, the ABA, and others.  Her insights on these and related topics have appeared in Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, Managed Healthcare, Health Leaders, various ABA publications and a many other national and local publications.  To contact Ms. Stamer or for additional information about Ms. Stamer, her experience, involvements, programs or Publishers of her many highly regarded writings on health industry and human resources matters include the Bureau of National Affairs, Aspen Publishers, ABA, AHLA, Aspen Publishers, Schneider Publications, Spencer Publications, World At Work, SHRM, HCCA, State Bar of Texas, Business Insurance, James Publishing and many others.  You can review other highlights of Ms. Stamer’s experience here. 

Other Resources

If you found this information of interest, you also may be interested in reviewing other recent Solutions Law Press updates including:

• New Affordable Care Act Mandated High Risk Pre-Existing Condition Insurance Pool Program Regulations Prohibit Plan Dumping of High Risk Members, Set Other Rules
• Register Now For 8/24 2010 Health Plan Update Briefing
• Congress & Labor Department Considering Tightening of Retirement Plan Regulations
• Businesses Employing Children Should Review & Tighten Practices In Light of Tightened Rules & Increased Penalties
• New Affordable Care Act Health Plan Appeals Regulations Require Health Plan Updates
• Blockbuster & Health Delivery Disability Discrimination Settlements Highlight Need For Tightened Disability Discrimination Risk Management
• Agencies Release Regulations Implementing Affordable Care Act Health Plan Preventative Care Mandates
• New Retirement Plan Resource To Help Spanish-Speaking Participants With Retirement Planning
• St. Louis Employer’s OSHA Violations Trigger Contempt Order and Penalties
• Review & Strengthen Defensibility of Existing Worker Classification Practices In Light of Rising Congressional & Regulatory Scrutiny
• Key Affordable Care Act Health Plan Coverage Mandates Guidance Issued June 28; Apply ASAP For Early Retirement Reinsurance Program
• HHS, DOL & IRS Rules Define “Grandfathered” Group Health Plans & Health Insurance Coverage under the Patient Protection and Affordable Care Act
• New Rule Requires Federal Government Contractors To Post New “Employee Rights Under The National Labor” Poster
• Defined Contribution Plans Investing In Publically Traded Employer Securities Face New Requirements
• CBO Raises Estimated Cost of Health Care Reforms As Employers, Health Plans Brace Costs Of Newly Effective & Impending Mandates
• Certain Workforce Reductions Trigger Plant Closing Notice & Other Obligations
• Mishandling Employee Benefit Obligations Creates Big Liabilities For Distressed Businesses & Their Business Leaders
• DOL Plans To Tighten Employment Protections For Disabled Veterans & Other Disabled Employees Signals Need For Businesses To Tighten Defenses
• COBRA, HIPAA, GINA, Mental Health Parity or Other Group Health Plan Rule Violations Trigger New Excise Tax Self-Assessment & Reporting Obligations

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources available for review here. If you or someone else you know would like to receive future updates and notices about other upcoming Solutions Law Press events, please be sure that we have your current contact information – including your preferred e-mail- by creating or updating your profile at here. For important information concerning this communication click here.

©2010 Solutions Law Press. All rights reserved.