The Department of Health and Human Services fined the pharmacy chain Rite-Aid for a HIPAA violation. The fine is for $1 Million and requires that Rite Aid take corrective action to improve practices. The violation states, among other things, that Rite Aid did not properly dispose of personal identifiable information in its 4,900 retail pharmacies. It also states that Rite Aid failed to properly train employees on how to dispose of the information.
This goes to what I have been stressing lately, products don’t make you compliant. Policy and processes do. This also shows the importance of properly training the other managers in the business on how to handle information. Very intelligent people may run the various departments in your organization. They don’t have a background in this area and need the right procedures in place.