States Privacy News

HIPAA Events

calendar

Events Webinars Training

$2.25 million - CVS Pharmacy, Inc.

In a case that involves the privacy of millions of health care consumers, on January 16, 2009, the U.S. Department of Health & Human Services (HHS) reached agreement with CVS Pharmacy, Inc. to settle potential violations of the HIPAA Privacy Rule.  To resolve the Department’s investigation of its privacy practices, CVS agreed to pay $2.25 million and implement a detailed Corrective Action Plan to ensure that it will appropriately dispose of protected health information such as labels from prescription bottles and old prescriptions.  The new practices will apply to all CVS retail pharmacies, over 6,300 stores.  In a coordinated action, CVS Caremark Corporation, the parent company of the pharmacy chain, also signed a consent order with the Federal Trade Commission (FTC) to settle potential violations of the FTC Act. | Resolution Agreement

$100,000 - Providence Health & Services

On July 16, 2008, the U.S. Department of Health & Human Services (HHS) entered into a Resolution Agreement with Seattle-based Providence Health & Services (Providence) to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules. | Resolution Agreement