Alleged PHI Dumping Leads to $140,000 HIPAA Settlement

Massachusetts Attorney General Martha Coakley has announced the former owners of a Marblehead, Mass.-based medical billing practice and four pathology groups have agreed to pay $140,000 to pay possible HIPAA violations. According to the press release, the confidential billing information for approximately 67,000 Massachusetts-based patients was improperly disposed of at a public dump.

According to the complaint, the owners, Joseph and Louise Gagnon, who did business as Goldthwait Associates violated several state and federal laws by disposing of these medical records, which contained protected health information (PHI) from four Massachusetts pathology groups at the Georgetown Transfer Station, at the dump. The information included names, Social Security numbers, and medical diagnoses that were not redacted or destroyed when they were dumped. The matter came to the public eye when a Boston Globe photographer saw the records while dumping out his own trash.

 “Personal health information must be safeguarded as it passes from patients to doctors to medical billers and other third-party contractors,” Coakley said in a statement. “We believe this data breach put thousands of patients at risk, and it is the obligation of all parties involved to ensure that sensitive information is disposed of properly to prevent this from happening again.”