Wakefern Food Corporation Settles HIPAA Breach Case with NJ Attorney General for $235,000

by | Nov 4, 2020

Following claims of breaches of federal and state legislation, linked to a data breach involving the protected health information of 9,700 customers of two ShopRite supermarkets in Millville, New Jersey and Kingston NY, Wakefern Food Corporation has agreed to pay $235,000 in civil financial penalties and implement a range of security enhancements.

Wakefern Food Corporation is the parent company of Union Lake Supermarket, LLC, which owns the ShopRite store in Millville and ShopRite Supermarkets, Inc., which owns the ShopRite store in Kingston, NY.

Back in 2016, Wakefern removed electronic devices ,that were used to collect customer signatures and purchase information at the two locations, from use. The old devices were thrown away in regular dumpsters without being put our of used or purged of the information they were holding. The devices were holding the protected health information of 9,700 customers of the two stores incorporating names, contact details, zip codes, driver’s license numbers, dates of birth, prescription numbers, prescription types, collection and delivery dates.

After the submission of reports about the improper destruction of ePHI, the New Jersey Division of Consumer Affairs launched an investigation and found that the disposal of the devices was in breach of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and there had been a number of violations of the state’s fraud act. Workers at the stores had also not been provided with appropriate training on the handling and disposal of sensitive data.

New Jersey Attorney General Gurbir S. Grewal said: “Pharmacies have a legal obligation to protect the privacy and security of the patient information they collect, and to properly dispose of that information when the time comes. Those who compromise consumers’ private health information face serious consequences.”

Wakefern has agreed to pay $209,856.50 in civil penalties and $25,143.50 for reimbursement of attorneys’ fees and auditing costs and will enhance security measure to tackle any future cyberattacks or breaches. Those measures include hiring a chief privacy officer, executing a business associate agreement with ShopRite Supermarkets, Union Lake, and each of the members that run pharmacies in the supermarkets, and ensuring proper measures are put in place to safeguard protected health information. All of the ShopRite stores that has a pharmacy must appoint a HIPAA privacy officer and HIPAA security officer to manage compliance and online training must be provided for those officers on their privacy and security positions.

Paul R. Rodríguez, Acting Director of the Division of Consumer Affairs said: “New Jersey consumers have a right to know that when they purchase a prescription medication at the neighborhood supermarket, their most private information will be fully protected under the law and not carelessly left to fall into the wrong hands. This settlement ensures that ShopRite supermarket pharmacies will be trained and monitored for HIPAA compliance to avoid future conduct that place consumers at risk for privacy invasion and identity theft.”

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy