California Prosecutors Settle PHI Breach with Retailer

http://www.jdsupra.com/legalnews/california-prosecutors-settle-phi-breach-18997/

Beginning in 2012, California environmental regulators and others began investigating the grocery store chain Safeway relating to the company’s waste disposal practices. During the investigation, certain documents listing medical and personal information on dozens of pharmacy patients were found among the waste.  In allegations set forth against Safeway by a coalition of 43 California district attorneys and two city attorneys, Safeway was formally accused of improperly disposing of confidential pharmacy records containing private medical information over a period of years in violation of California’s Confidentiality of Medical Information Act.   In December 2014, Safeway agreed to a $9.87 million penalty as part of a settlement with California prosecutors related to the claims.

It is not clear in the Safeway case the number of customers’ records that were improperly disposed of or actually discovered by inspectors.  Any estimate of the true number of records dumped may be difficult to determine given that the investigation only provided a “snap shot” of some stores’ activity.  Nevertheless, the publicity of the settlement, the sizable amount of the penalty agreed to, and the nature of the allegations against Safeway makes the case a significant case study in medical privacy, though not particularly related to cyber as the records were paper.

Filed under: General Problems