DWT Advisory: Rhode Island Hospital’s Breach of Health Information Leads to Settlement with Massachusetts Attorney General

On July 23, 2014, the Massachusetts attorney general announced a settlement with Women & Infants Hospital of Rhode Island (WIH) over the loss of unencrypted backup tapes. WIH agreed to pay $150,000 and undertake numerous compliance measures, including hiring an independent auditor, to resolve allegations that it failed to protect the personal information (PI) and protected health information (PHI) of more than 12,000 Massachusetts patients under HIPAA and Massachusetts’ data security law. The attorney general also alleged that WIH engaged in unfair or deceptive acts or practices by not properly protecting the PI and PHI. This marks the third settlement by the Massachusetts attorney general’s office for allegations that an entity failed to secure its residents’ PHI and PI under HIPAA and state data security laws. This case serves as a good reminder to organizations to know where their identifiable information resides and to properly secure electronic portable media. Read more here.