HIPAA Violations Are Finally Starting To Be Punished

Copyright 2009 Newstex LLCAll Rights ReservedNewstex Web BlogsCopyright 2009 The Healthcare IT Guy The Healthcare IT Guy

February 19, 2009 Thursday 7:08 AM EST

LENGTH: 322 words


HEADLINE: HIPAA violations are finally starting to be punished

BYLINE: Shahid N. Shah



Feb. 19, 2009 (The Healthcare IT Guy delivered by Newstex) -- AP reported this morning that CVS is settling patient information investigation with HHS and FTC to the tune of $2.25M. Here's the gist of it:

Employees at CVS (NYSE:CVS) pharmacies left the labels and other items in open trash bins outside stores, according to the Federal Trade Commission and the Department of Health and Human Services. The company also did not have adequate policies for disposing of that information, and did not sufficiently train employees to dispose of the information properly, the agencies say. The items that were not properly discarded included pill bottles, medication instruction sheets, computer order forms, payroll information, job applications and credit card and insurance information. Those labels and forms contained personal information including Social Security numbers and credit card and insurance information, and in some cases, drivers license numbers and account numbers. Names of the patients doctors were also included. CVS said it is not aware of any consumers being harmed and has not acknowledged any wrongdoing but settled the investigation "to avoid the time and expense of further legal proceedings." HIPAA has always been touted as a mechanism to ensure patient privacy and while it's been a good first step, HIPAA just doesn't have enough enforcement action capability or monitoring systems in place to make a substantial difference. What CVS is being fined for is not unique and certainly not going to go away anytime soon. As long as the healthcare system lives on paper and we have to use untraceable faxes, mail, copies, and other manual means of transmitting patient information these kinds of HIPAA violations will continue to occur. I for one am glad to see that some enforcement is happening but it's not enough to actual stem the tide of patient information disclosure violations. Newstex ID: HITG-0001-31990991

NOTES: The views expressed on blogs distributed by Newstex and its re-distributors ("Blogs on Demand®") are solely the author's and not necessarily the views of Newstex or its re-distributors. Posts from such authors are provided "AS IS", with no warranties, and confer no rights. The material and information provided in Blogs on Demand® are for general information only and should not, in any respect, be relied on as professional advice. No content on such Blogs on Demand® is "read and approved" before it is posted. Accordingly, neither Newstex nor its re-distributors make any claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained therein or linked to from such blogs, nor take responsibility for any aspect of such blog content. All content on Blogs on Demand® shall be construed as author-based content and commentary. Accordingly, no warranties or other guarantees will be offered as to the quality of the opinions, commentary or anything else offered on such Blogs on Demand®. Reader's comments reflect their individual opinion and their publication within Blogs on Demand® shall not infer or connote an endorsement by Newstex or its re-distributors of such reader's comments or views. Newstex and its re-distributors expressly reserve the right to delete posts and comments at its and their sole discretion.

LOAD-DATE: February 19, 2009

Copyright © 2009 LexisNexis, a division of Reed Elsevier Inc. All Rights Reserved.
Terms and Conditions Privacy Policy