GEORGETOWN — Joseph and Louise Gagnon of Marblehead took the cheap and quick way out and had multiple years’ worth of sensitive medical records chucked into a Georgetown trash dump, court documents allege.
The effort to save money, according to a settlement announced by Attorney General Martha Coakley on Monday, has led to a large fine for a data breach that put sensitive patient information at risk.
The husband and wife, who were doing business in Marblehead as Goldthwait Associates, along with four pathology groups for which they were handling the billing, agreed to pay $140,000 collectively to settle allegations that the private billing and medical records of 67,000 Bay State patients wound up in the Georgetown transfer station.
The civil complaint, filed in Suffolk Superior Court along with consent judgments approved Monday, alleges that the Gagnons violated state laws meant to protect such information.
“We believe this data breach put thousands of patients at risk, and it is the obligation of all parties involved to ensure that sensitive information is disposed of properly to prevent this from happening again,” Coakley said in a statement.
The Gagnons and the other defendants did not make any admission of liability, according to court documents.
The Gagnons were fined a total of $30,000: $15,000 in civil penalties, $5,000 in attorney’s fees and $10,000 for a fund set up to promote programs to protect patient or consumer data. Based on a review of the Gagnons’ financial records, $25,000 was suspended, contingent on the Gagnons’ compliance with the settlement, court documents show. They were ordered to pay $5,000 in civil penalties.
According to court documents, the discovery of the patient data dump was connected to the Gagnons’ retiring from the medical billing business in May 2010.
“In an effort to dispose of multiple years’ worth of personal health information as cheaply and as quickly as possible, they hired their son, Joseph Gagnon Jr., to dump the documents at the Georgetown Transfer Station in July 2010,” according to the complaint. The information contained “sensitive health and other personally identifiable information” in plain view of others tossing trash.