Magazine article Information Management

HIPAA Violation Costs CVS $2.25 Million

Article excerpt

In what may signal a new commitment to enforce Health Insurance Portability and Accountability Act (HIPAA) rules, the U.S. government will receive $2.25 million from CVS Caremark Corp. to settle charges of HIPAA privacy violations.

The settlement stems from a federal investigation into allegations that CVS pharmacy employees threw items containing sensitive patient information in the trash. The joint investigation by the Department of Health and Human Services (HHS) and the Federal Trade Commission (FTC) alleges that CVS employees tossed pill bottles with labels containing patient information into open dumpsters, along with pharmacy order information, employment applications, payroll data, and credit card and insurance card information, Information Security magazine reported.

The FTC said CVS violated federal laws by failing to implement reasonable and appropriate procedures for handling personal information about customers and employees and did not adequately train employees on secure disposal of personal information.

In addition to the company's $2.25 million payment to HHS, the FTC has ordered CVS's more than 6,000 retail pharmacies to establish and implement policies and procedures for disposing of protected health information, implement a training program, conduct internal monitoring, and hire an outside assessor to evaluate the company's compliance for three years, Information Security said.


The FTC order requires CVS to set up a comprehensive information security program to protect the data it collects from consumers and employees. …
