Rite Aid Agrees To Pay $1 Million To Settle Medical Privacy Questions
The Wall Street Journal: "Rite Aid Corp. agreed to pay $1 million to settle potential violations of government privacy rules after regulators said it failed to protect customers' and employees' financial and medical information. The drug-store chain's agreement with the Federal Trade Commission requires the company to establish an information-security program and obtain a third-party audit of its compliance to that effect every two years for the next 20 years." The settlement resulted after the FTC investigated reports that Rite Aid used open dumpsters to throw away items such as "pharmacy labels and job applications. Meanwhile, HHS also began investigating the disposal of health information protected under the Health Insurance Portability and Accountability Act, or HIPAA" (Jarzemsky, 7/27).
NPR Shots Blog: "The settlement is the second largest of it's kind -- the largest was a very similar action taken against the chain drug store CVS last year." CVS paid a $2.25 million fine. (Fulton, 7/27).This is part of the KHN Morning Briefing, a summary of health policy coverage from major news organizations. Sign up for an email subscription.