Home -> Law Blog Directory -> Health Law Blogs -> Health Care Law Blog

OR PHONE (866) 635-1838 for Bankruptcy Help, (866) 635-6190 for Divorce,
(866) 635-2689 for Personal Injury or (866) 635-9402 for Criminal Defense

Find a Local Lawyer

Bankruptcy (866) 635-1838
Divorce (866) 635-6190
Personal Injury (866) 635-2689
Criminal Defense (866) 635-9402


Health Law

: Health Care Law Blog

HIPAA Settlement: Dumping of PHI Results In $2.25M Settlement

By Bob Coffield

This week's settlement by CVS, the nations largest retail pharmacy chain, to pay the U.S. government a $2.25 million settlement and take corrective action highlights the need for providers and other covered entities to focus on the simple privacy protections such as appropriately disposing of patient information in a secure manner.

The first known joint investigation and settlement by the U.S. Department of Health and Human Services (HHS) and the Federal Trade Commission (FTC) with CVS was the result of CVS failing to guard patients PHI when disposing of patient information such as identifying information on pill bottle labels. .

The review and settlement under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule by OCR and the FTC indicated that:

  • CVS failed to implement adequate policies and procedures to appropriately safeguard patient information during the disposal process
  • CVS failed to adequately train employees on how to dispose of such information properly
The investigation started after various news media reported fiding prescription drug and other PHI had been dumped into unsecured trash containers at CVS pharmacies. As a result CVS not only violated the HIPAA Privacy Rule but also was brought under the FTC's deceptive business practice guidelines by claiming that CVS represents to consumers that maintaining customer privacy was central to their operations.
For more read the OCR Press Release (related OCR information/summary) FTC Press ReleaseComplaint and Consent Order) and the Resolution Agreement. Also, OCR has posted new FAQs that address the HIPAA Privacy Rule requirements for disposal of PHI.
(related FTC

Full post as published by Health Care Law Blog on February 20, 2009 (boomark / email).

Bloggers, promote your law blog by nominating your blog for inclusion in's Law Blog Directory and RSS Reader. Benefits described.
Related Law Blog Posts
Search Blog Directory:

Search Blog Directory:

Related Law Articles

Lawsuits and Settlements

Related Searches

US Law
#1 Online Legal Resource

Your Blog Subscriptions
Subscribe to blogs

10,000+ Law Job Listings
Lawyer . Police . Paralegal . Etc
Earn a law-related degree
Are you the author of this blog? Adding to your Blogroll increases relevance. You qualify to display a USLaw Network badge.
Suggest changes to this blog's description or nominate another for inclusion. Register for updates.

Practice Area
Zip Code:

Contact a Lawyer Now!

0.7254 secs (new cache)