disposal

A small Denver pharmacy agreed to a $125,000 settlement with the U.S. Department of Health and Human Services (HHS) after HHS alleged that the pharmacy failed to dispose of paper records that contained patient information in accordance with HIPAA.

According to the Resolution Agreement, the HHS Office for Civil Rights (OCR) received a report from a local news station that the pharmacy disposed of paper records with protected health information (PHI) in a dumpster that was accessible to the public.  The Resolution Agreement also alleges that the pharmacy failed to implement written policies and procedures to comply with HIPAA, nor did the pharmacy train its workforce as to proper HIPAA protocols and procedures for handling of PHI.
Continue Reading HIPAA Settlement Follows Unsecured Paper Records Disposal

The Information Commissioner’s Office (ICO) has produced new guidance on “IT asset disposal for organisations” to help data controllers understand their responsibilities relating to the destruction and disposal of electronic equipment.  The guidance, which addresses one of the areas where organizations are most frequently fined under the UK Data Protection Act 1998 (DPA), explains how