Few Consequences For Health Privacy Law’s Repeat Offenders

by Charles Ornstein and Annie Waldman, ProPublica

Wikimedia/Creative Commons

Wikimedia/Creative Commons

When CVS Health customers complained to the company about privacy violations, some of the calls and letters made their way to Joseph Fenity. One patient’s medication was delivered to his neighbor, revealing he had cancer. Another was upset because a pharmacist had yelled personal information across the counter.

Fenity worked on a small team at CVS Health that dealt with complaints directed to the company president’s office, assuring customers their situations were rare. “I sincerely apologize on behalf of CVS Health,” Fenity says he’d respond. “This is not how we handle things. The breach of your protected health information was an isolated incident and we’ll do better.”

In fact, Fenity learned — partly from battling CVS over the privacy of his own medical information — that was “a lie.”

CVS, headquartered in Woonsocket, R.I., is among hundreds of health providers nationwide that repeatedly violated the federal patient privacy law known as HIPAA between 2011 and 2014, a ProPublica analysis of federal data shows. Other well-known repeat offenders include the Department of Veterans Affairs, Walgreens, Kaiser Permanente, and Walmart.

And yet, the agency tasked with enforcing the Health Insurance Portability and Accountability Act took no punitive action against these providers, ProPublica found.

Continue reading on propublica.com » which also has:


Tags: , , ,