CLEVELAND, Nov. 12, 2010 /PRNewswire/ -- Proactive Data Security Compliance Can Help Your Business Avoid Severe Penalties Later. Rite Aid Corporation is the latest company to learn a hard lesson on data security policies and procedures. Rite Aid and its 40 affiliated entities have agreed to a settlement of $1 million relative to the potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rules. The national pharmacy chain signed a consent order with the Federal Trade Commission ("FTC") and the Department of Health and Human Services ("HHS") for allegedly failing to protect customers' sensitive information. Several Rite Aid stores were caught on tape disposing of prescriptions and labeled pill bottles containing individuals' Personal Information ("PI") in industrial trash containers, easily accessible to the public.
The FTC settlement against Rite Aid requires the company to:
- Establish a Written Information Security Program ("WISP") to address the confidentiality and security of PI that Rite Aid collects; and
- Obtain an audit from a qualified third-party professional to ensure Rite Aid's WISP meets the settlement standards, every two years for the next 20 years.
The HHS settlement against Rite Aid requires the company to:
- Establish procedures for disposing of protected health information and PI with appropriate sanctions for those employees not in compliance;
- Conduct internal reviews and monitoring;
- Develop a training program for disposing of PI; and
- Obtain an audit to ensure compliance for the next three years.
Click below to read the McDonald Hopkins Data Privacy and Network Security Alert:
About McDonald Hopkins
With more than 130 attorneys in Chicago, Cleveland, Columbus, Detroit, and West Palm Beach, McDonald Hopkins is a business advisory and advocacy law firm focused on business law, litigation, business restructuring, labor and employment, government affairs, healthcare, and estate planning. The president of McDonald Hopkins is Carl J. Grassi. For more information about McDonald Hopkins, visit http://www.mcdonaldhopkins.com.
Deborah W. Kelm
McDonald Hopkins LLC
SOURCE McDonald Hopkins