Rite Aid Pharmacies agreed to pay $1 million to settle HHS and Federal Trade Commission complaints that the company had committed HIPAA Privacy Rule violations by dumping in the trash prescriptions and pill bottles bearing protected heath information on their labels according to this government press release.

The AMA News reports that the Health Net, a health plan now owned by United Healthcare, agreed to pay $250,000 to settle Connecticut attorney general charges that it had violated the HIPAA Privacy Rule as a result of the disappearance of a portable disk drive with protected health information.

Take aways — The federal and state governments are serious about their HIPAA enforcement efforts and the 2009 HITECH Act greatly strengthened their authority. HIPAA covered entities and business associates should be careful to encrypt portable electronic storage devices.

Yesterday, HHS clarified its guidance on submission of health plan claims to the Early Retiree Reinsurance Program established by the Affordable Care Act. HHS is not allowing the FEHB Program, which covers loads of early retirees, to participate in this Program.

Belaboring the obvious (my job as a lawyer), the Generic Pharmaceutical Association (GPhA) released a report on the tremendous savings created by small molecule generic drugs. It will be interesting to see five or ten years from now whether similar claims will be made about large molecule generic drugs or bio-generics. The Affordable Care Act authorized the Food and Drug Administration to create a regulatory pathway for approval of bio-generics. It’s interesting to note that the GPhA found the ACA’s provision inadequate. Time will tell.