TRENDING:

Suit: CVS Caremark Violating HIPAA

Independent Pharmacies Allege Unfair Practices Howard Anderson (ismg_editor) • October 5, 2010    
Suit: CVS Caremark Violating HIPAA
Six independent pharmacies in Texas are suing CVS Caremark, alleging, among other things, that the company has violated the HIPAA privacy rule.

The lawsuit against CVS Caremark also alleges violations of the Racketeer Influenced and Corrupt Organizations Act, or RICO, and trade secret misappropriation. It claims that CVS Caremark has failed to implement a "firewall" between its retail pharmacy unit and its pharmacy benefit manager unit, which accesses drug information from other pharmacies, as required when the Federal Trade Commission approved the merger of CVS and Caremark in 2007.

Use of Information Questioned

"The combined company built an information technology platform that straddles all CVS Caremark's business segments, capturing in-depth patient data for marketing and other purposes in violation of HIPAA patient privacy laws," according to a release from the plaintiffs.

The plaintiffs are board members of American Pharmacies, a pharmacy wholesale buying group that's financing the lawsuit.

The suit alleges that CVS Caremark "mines the accumulated patient- and pharmacy-specific data to identify individual patient-buying practices, their physicians' prescribing practices and individual pharmacy business volume," according to the release. "CVS Caremark contacts patients via direct mail and phone calls about their prescriptions, urging, and in some cases, mandating, plaintiff's patients to use CVS Caremark retail or mail-order stores."

CVS Reaction

In a statement reacting to the lawsuit, CVS Caremark said, "We have learned that a new lawsuit has been filed and are in the process of reviewing its contents. CVS Caremark is confident that its business practices and service offerings, which are designed to reduce healthcare costs and expand consumer choice, are being conducted in compliance with applicable antitrust, privacy and other laws."

In early 2009, CVS Caremark agreed to pay a $2.25 million fine to settle FTC charges involving the improper disposal of patient information in dumpsters in violation of HIPAA.

Previous
Biometrics and HITECH Compliance
Next
Building Public Trust in Secure EHRs

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.



Around the Network

How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.