CVS Fined for HIPAA Privacy Lapses
Tuesday, April 14th, 2009
CVS, the nation’s largest retail pharmacy chain, will pay the U.S. government a $2.25 million settlement and take corrective action to ensure it does not violate privacy when disposing of patient information, such as identifying information on pill bottle labels.
The settlement, which applies to all of CVS’ more than 6,000 retail pharmacies, follows an extensive investigation by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) for potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule.