As announced last week by the U.S. Department of Health and Human Services, Rite Aid Corporation entered into a consent order with the Federal Trade Commission (FTC) to pay $1 million in fines to teh FTC for its’ failure to protect the privacy of pharmacy customers as is required by the Health Insurance and Portability Accountability Act (HIPAA). Rite Aid was accused of disposing of prescription bottles which contained patient’s names and other identifying personal information into trash recepticles accessible to the public, rather than destroying or otherwise taking sufficient steps to safeguard their customers’ privacy.
As part of the agreement, Rite Aid agreed to review and revise their policies for disposing of sensitive, private information, to adequately train their employees in these policies, and to hire an independent third party to ensure compliance with the provisions of the consent order. The corrective plan instituted by Rite Aid will remain in place for 3 years. The FTC consent order will remain in effect for 20 years