Skip to main content

Massachusetts General Hospital settles 2009 breach with Office of Civil Rights

The cost of data breaches keeps on rising.  Add another million to this week's HIPAA charges.

Just released this afternoon - the Office of Civil Rights announced that it has reached a settlement with Massachusetts General Hospital relating to a 2009 loss of medical records when a billing manager who was carrying the records accidentally left them on a train.  The incident involved 192 patients of the hospital's Infectious Disease Associates outpatient practice, including patients with HIV/AIDS. 

Today's press release announced that the settlement includes a $1,000,000 payment and a resolution agreement, including a corrective action plan, under which Massachusetts General agrees to undertake measures to improve the privacy and security of patient medical records.

The Resolution Agreement and Corrective Action Plan can be reviewed here.


Subscribe To Viewpoints


Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.