The General Hospital Corporation and Massachusetts General Physicians agreed to pay $1 million to the U.S. government for patient privacy violations, according to a U.S. Department of Health & Human Services (HHS) statement. The agreement rose out of an incident in which Mass General lost the protected health information of 192 patients in its Infectious Disease Associates outpatient practice, which includes HIV/AIDS patients. The HHS Office of Civil Rights (OCR) began investigating the hospital after a patient filed a complaint regarding the loss of medical information. OCR determined Mass General failed to implement appropriate safeguards to protect health information upon its removal from the hospital’s premises, which violates the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule.

To read the HHS statement, click here.