Categories: Health Law,

The Boston Globe (2/25, Kowalczyk) reports, “Massachusetts General Hospital has agreed to pay the federal government $1 million to settle potential violations of patient privacy laws, which occurred when an employee commuting to work lost patient records on the T’s Red Line two years ago.” The US Department of Health and Human Services announced the settlement Thursday, “after an investigation by its Office for Civil Rights.”


According to Modern Healthcare (2/25, Zigmond), OCR began an investigation “after receiving a complaint from a patient whose protected health information was lost on March 9, 2009.” According to the agency, the documents, which were from MGH’s Infectious Disease Associates outpatient practice, included a “patient schedule that contained the names and medical record numbers for a group of 192 patients, as well as billing encounter forms that contained the name, date of birth, medical record number, health insurer and policy number, diagnosis, and name of providers for 66 of those patients, were lost that day” an employee from the MGH practice “left the documents — which were never recovered — on a subway car.”

The Boston Business Journal (2/25, Donnelly) adds that MGH has also agreed to “develop a comprehensive new privacy policy to prevent patient information from being compromised in the future, and to provide training to workers.” Moreover, the settlement requires MGH to remit “semi-annual compliance reports” to HHS the next three years.

reported by AHLA