• Hypertrophic Cardiomyopathy (HCM)
  • Vaccines: 2023 Year in Review
  • Eyecare
  • Urothelial Carcinoma
  • Women's Health
  • Hemophilia
  • Heart Failure
  • Vaccines
  • Neonatal Care
  • Type II Inflammation
  • Substance Use Disorder
  • Gene Therapy
  • Lung Cancer
  • Spinal Muscular Atrophy
  • HIV
  • Post-Acute Care
  • Liver Disease
  • Pulmonary Arterial Hypertension
  • Biologics
  • Asthma
  • Atrial Fibrillation
  • Type I Diabetes
  • RSV
  • COVID-19
  • Cardiovascular Diseases
  • Breast Cancer
  • Prescription Digital Therapeutics
  • Reproductive Health
  • The Improving Patient Access Podcast
  • Blood Cancer
  • Ulcerative Colitis
  • Respiratory Conditions
  • Multiple Sclerosis
  • Digital Health
  • Population Health
  • Sleep Disorders
  • Biosimilars
  • Plaque Psoriasis
  • Leukemia and Lymphoma
  • Oncology
  • Pediatrics
  • Urology
  • Obstetrics-Gynecology & Women's Health
  • Opioids
  • Solid Tumors
  • Autoimmune Diseases
  • Dermatology
  • Diabetes
  • Mental Health

CVS settles privacy charges


The CVS privacy settlement sends a clear message to executives that paper privacy and data security are insufficient.

The CVS Caremark Corp. agreement to pay a $2.25 million settlement following federal charges that employees compromised customer privacy by throwing pill bottles and prescription records into open dumpsters.

The settlement sends a message to healthcare organizations that their paper privacy and data security is insufficient, says one expert.

“Clearly, the CVS settlement and others, and stimulus-bill expansions to HIPAA, reflect the continuing belief of Congress and regulators that healthcare organizations aren’t doing their job,” says Cynthia Marcotte Stamer, a member of Glast, Phillips & Murray, PC, Dallas, Texas.

The biggest driver is the perception that companies have not acted promptly to operationally comply with HIPAA, FACTA’s red flag and other rules.

“This concern is fueled by the recognition of the growing magnitude of the U.S. identity theft problem and that healthcare data includes particularly sensitive private information,” she says.

According to Stamer, healthcare organizations must update and build out the policies, training and internal controls necessary to be able to prove that they require and enforce operational compliance.

HHS will monitor CVS for the next three years to make sure patient information is protected and employees are properly trained, with sanctions in place for workers who do not follow the disposal rules.

In a statement, CVS said it is not aware of any consumers being harmed and has not acknowledged any wrongdoing, but settled the investigation “to avoid the time and expense of further legal proceedings.”

At the end of the third quarter, CVS operated 6,347 drugstores in the United States, making it the second-largest chain, after Walgreen Co.

Related Videos
Related Content
© 2024 MJH Life Sciences

All rights reserved.