Massachusetts attorney general wins $150,000 settlement from hospital that lost patient data

Lena Kauffman | | Health Exec | Digital Transformation

When computers or data-storage media with protected personal health information on them go missing, healthcare providers don’t just face the threat of federal fines and patient class action suits. Individual states also can sue if their residents were impacted.

The Massachusetts’ attorney general’s office has a history of winning successful settlements in such scenarios and this week announced that it had reached a settlement with Women & Infants Hospital of Rhode Island to settle data breach allegations stemming from the 2011 loss of 19 unencrypted back-up tapes from two of the hospital’s prenatal diagnostic centers.

What happened to the tapes is unclear. According to Massachusetts Attorney General Martha Coakley’s press release, the tapes were supposed to have been sent to a central data center at the hospital’s parent company, Care New England Health System, in the summer of 2011. From there, they were supposed to have been sent off-site for transferring of the radiology information on the tapes into a new picture archiving and communications system (PACS).  However, the tapes went missing somewhere in the transfer and the hospital and Care New England didn’t realize they were lost until the following spring. It then allegedly took them until the fall of 2012 to notify the patients that they didn’t know what had become of the data.

Courts in two states have recently ruled that patient class action suits in such scenarios need to prove that the personal health data lost was indeed viewed and used by an unauthorized person. There is not evidence in this case that this happened.

However, states can seek settlements if there is evidence that the healthcare provider could and should have protected the data better, i.e., been more careful. In this case, fault was found with Women & Infants Hospital of Rhode Island’s inventory and tracking system, as well as with its employee training on the importance of reporting lost data as quickly as possible.

Coakley’s office had the right to seek a settlement because the data on the 19 tapes included data from 12,127 Massachusetts residents. It had previously reached a $750,000 settlement with South Shore Hospital in South Weymouth, Massachusetts, and a $140,000 settlement with medical billing company Goldthwait Associates and its client pathology groups over alleged violations of the state’s data security laws and federal data privacy requirements.

Lena Kauffman,

Contributor

Lena Kauffman is a contributing writer based in Ann Arbor, Michigan.

Related Content

5 healthcare AI predictions for 2025 from Wolters Kluwer Health
2024 in AI weirdness: ‘Insane’ ChatGPT and mutant rat genitals were only the beginning
10 signs AI is ‘eating the world (of venture capital)’
From Capitol Hill to a hospital near you? 5 federal recommendations for healthcare AI policy
Healthcare AI regulation needs nuance, balance: Research review
ICU diary-keeping: There’s an AI for that

Around the web

Radiology Business
The biggest obstacles facing radiology business managers in 2025

RBMA President Peter Moffatt discusses declining reimbursement rates, recruiting challenges and the role of artificial intelligence in transforming the industry.

Radiology Business
Policies and regulations shaping radiology in 2025

Mark Isenberg, executive vice president of Zotec Partners, discusses key developments that will reshape the specialty this year. 

Cardiovascular Business
FDA says years-long tirzepatide shortage is resolved, will give limited leeway to compounders

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.