BOSTON – Providence’s Women & Infants Hospital has agreed to pay $150,000 to resolve allegations that it failed to protect the personal and health information of more than 12,000 patients in Massachusetts, Attorney General Martha Coakley announced last week.
According to a statement, the consent judgment was approved by Suffolk Superior Court Judge Carol Ball. It resulted from a data breach reported to Coakley’s office in November 2012 that included patients’ names, dates of birth, Social Security numbers, dates of exams, physicians’ names and ultrasound images. The information is protected under HIPAA laws.
In April 2012, the hospital realized that it was missing 19 unencrypted back-up tapes from two of its Prenatal Diagnostic Centers, one located in Providence and the other located in New Bedford. The back-up tapes contained the personal information and protected health information of 12,127 Massachusetts residents.
The statement said that the tapes were supposed to be sent to a central data center at the hospital’s parent company, Care New England Health System, and then shipped off-site in order to transfer legacy radiology information to a new picture archiving and communications system. Due to an inadequate inventory and tracking system, Women & Infants allegedly did not discover the tapes were missing until the spring of 2012. Due to deficient employee training and internal policies, the breach was not properly reported under the breach notification statute to the AG’s Office and to consumers until the fall of 2012. •