BOSTON (Legal Newsline) – Massachusetts Attorney General Martha Coakley announced a $150,000 consent judgment on Wednesday with a Rhode Island hospital that allegedly failed to protect the personal information of more than 12,000 Massachusetts patients.
Women & Infants Hospital of Rhode Island (WIH) allegedly failed to safely transfer 19 unencrypted backup tapes to its parent company during an information transfer in the summer of 2011 due to an inadequate inventory and tracking system. In April 2012, WIH realized it was missing the tapes from two of its Prenatal Diagnostic Centers.
The tapes contained the personal information and protected health information of 12,127 Massachusetts residents. The information included patients’ Social Security Numbers, dates of birth, names, physicians’ names, dates of exams and ultrasound images.
Because WIH allegedly failed to properly train its employees and institute adequate internal policies, the breach was not reported to Coakley’s office and consumers until November 2012.
“Personal information and protected health information must be properly safeguarded by hospitals and other healthcare entities,” Coakley said. “This data breach put thousands of Massachusetts consumers at risk, and it is the hospital’s responsibility to ensure that this type of event does not happen again.”
Under the terms of the consent judgment, WIH will pay a $110,000 civil penalty, $25,000 for attorney fees and $15,000 for a personal and protected health information education fund. WIH must also take steps to ensure future compliance with federal and state data security laws and regulations. The hospital will perform a review and audit of security measures and take any corrective measures recommended in the review.