South Shore Hospital, a Weymouth, Mass.-based not-for-profit hospital, reached an agreement with the Massachusetts Attorney General’s Office regarding the loss of back-up computer files. The publicized file loss occurred two years ago in 2010, and as a result, South Shore Hospital will pay a $750,000 monetary settlement.
The resolution comes at the conclusion of a two-year review by the Attorney General’s Office. Along with the money, the terms of the agreement specify data-security protocols that South Shore Hospital must adopt, the vast majority of which the hospital already has implemented. Because of the investments the hospital already has made in technology and data-handling upgrades, the amount the hospital owes were reduced by $275,000. The balance of the penalty consists of a $250,000 regulatory enforcement payment and a $225,000 contribution to a data-security education fund.
Back in July 19, 2010, South Shore Hospital reported that back-up computer files containing personal, health and financial information may have been lost by a professional data management company. The hospital had engaged the company to destroy the files, which were stored on computer tapes that were in a format no longer used. The hospital says the evidence indicated that the back-up computer files were most likely disposed of in a secure commercial landfill and were therefore unrecoverable.
“The state’s review has been comprehensive and thorough. We appreciate that the Attorney General has recognized the steps we’ve taken to enhance our data-security systems and hope to be able to serve as a source of information about best practices for other health care providers,” Richard H. Aubut, South Shore Hospital president and chief executive officer, said in a statement.