In related news, on February 24, 2011, OCR announced that The General Hospital Corporation and Massachusetts General Physicians Organization, Inc. (collectively, Massachusetts General) agreed to a $1 million settlement re-lated to alleged HIPAA Privacy Rule violations. The settlement was encompassed in a Resolution Agreement, which requires Massachusetts General to develop a comprehensive policy for compliance with the Privacy Rule.

The Massachusetts General settlement relates to the accidental loss of the protected health information of nearly 200 patients, including many patients with HIV/AIDS. The information included names, dates of birth, diagnoses and health insurance information. The information was lost by a Massachusetts General employee who had taken records home and then left them on a subway train. The records were never recovered.

A copy of the Resolution Agreement is available here.2