This was the case a few years ago when Rite Aid Corp (RAC) threw out pill bottle labels. Television media exposed RAC with videotaped incidents of the pharmacies disposing of prescriptions and labeled pill bottles containing individuals’ identifiable information in industrial trash containers with public access. This exposed the individuals’ information to the risk of identity theft and other crimes, as well as violated the Health Insurance Portability and Accountability Act (HIPAA) of 1996 Privacy Rule.
“It is critical that companies, large and small, build a culture of compliance to protect consumers’ right to privacy, and safeguard health information,” said Georgina Verdugo, director of the Office for Civil Rights (OCR). “OCR is committed to strong enforcement of HIPAA.”
RAC and its 40 affiliated entities agreed to pay $1 million for violations of HIPAA. Surprisingly, this isn’t the first time an organization has been reprimanded for such an act. The Federal Trade Commission (FTC) and the Office for Civil Rights, which enforces the HIPAA Privacy and Security Rules, settled a similar case involving another national drug store chain the previous year.
The HIPAA Privacy Rule requires health plans, health care clearinghouses and most health care providers to protect the privacy of patient information at all times. In order to prevent violating HIPAA and losing the trust of clients, organizations should make the disposal of private information a priority.
Trust is one of the most valuable assets of an organization. So when disposing of a patient’s health information, ensure that it is in accordance with HIPAA. Otherwise, you might throw your patient’s trust out with the garbage.
Sources:
http://www.hhs.gov/news/press/2010pres/07/20100727a.html
http://www.hhs.gov/ocr/privacy/index.html