Massachusetts General Hospital
The internal control breach that involved Massachusetts General Hospital missing records did turn up the regulatory and enforcement heat in the Health Insurance Portability and Accountability Act (HIPAA). The requirements of HIPPA provide clear guidelines that require all health care providers, in the United States, to give insightful protection of the private patient information. This protection should be done through physical, administrative and technical internal safeguards. The department of health and human resource service in the Office of Civil Rights (OCR) announced a massive penalty on Massachusetts General Hospital as a measure to enhance their security and privacy regulations (Paxson).
In early 2011, the resolution agreement came into terms with Massachusetts General Hospital, which had combined with its physical organization (Mass General). The term required Mass General to pay a lump sum of $1 million as a settlement amount for misplacing patient information. In addition, Mass General was to have a comprehensive compliance with a collective plan that was established and designated to ensure they improve their procedures for safeguarding patient’s private information. The settlement was made after a massive OCR investigation after an alleged complaint was filed by a patient of Mass General (Reed Exhibitions).
The papers were lost by a manager in the department of infectious disease centre. She had left the paper records in the Red Line train on March 9th, 2009 at a specific time between 7:00 to 9:00am in the morning after carrying them home to work over the weekend. The paper records were never recovered even after a significant search and notification to the transit police. The paper records contained protected health information (PHI) from Mass General’s department that dealt with infectious diseases outpatient practices. The department served patients with infectious diseases including patients with HIV/AIDS. The data that was lost in the PHI of the patients include dates of birth, names, medical record number, and the health identification numbers for identification, the diagnoses and also the names of patient’s providers (HHS Press Office).
The consequences that faced the Mass General gave a clear illustration of the degree of seriousness that was taken by the OCR after violation of HIPPA Act. This factor gave significant emphasis on how the United States government was clear and precise regarding protection of HIPPA rights and safeguarding the health information. To comply with the HIPPA requirement, there was a need for noticeable efforts in continuous updating of the systems especially under new regulation fine tune. The Mass General Institution did figure out about the missing records after OCR started their investigation and acceptance of infectious disease manager about leaving them on the train (Valencia).
Mass General was so ashamed by their deed, because they...