HIPAA violations are finally starting to be punished

February 19, 2009

AP reported this morning that CVS is settling patient information investigation with HHS and FTC to the tune of $2.25M. Here’s the gist of it:

Employees at CVS pharmacies left the labels and other items in open trash bins outside stores, according to the Federal Trade Commission and the Department of Health and Human Services. The company also did not have adequate policies for disposing of that information, and did not sufficiently train employees to dispose of the information properly, the agencies say.

The items that were not properly discarded included pill bottles, medication instruction sheets, computer order forms, payroll information, job applications and credit card and insurance information. Those labels and forms contained personal information including Social Security numbers and credit card and insurance information, and in some cases, driver’s license numbers and account numbers. Names of the patients’ doctors were also included.

CVS said it is not aware of any consumers being harmed and has not acknowledged any wrongdoing but settled the investigation "to avoid the time and expense of further legal proceedings."

HIPAA has always been touted as a mechanism to ensure patient privacy and while it’s been a good first step, HIPAA just doesn’t have enough enforcement action capability or monitoring systems in place to make a substantial difference.

What CVS is being fined for is not unique and certainly not going to go away anytime soon. As long as the healthcare system lives on paper and we have to use untraceable faxes, mail, copies, and other manual means of transmitting patient information these kinds of HIPAA violations will continue to occur. I for one am glad to see that some enforcement is happening but it’s not enough to actual stem the tide of patient information disclosure violations.

Older Comments
  • Dllindenmayer

    I had to do a fit for work test, The doctor who ordered it is a Kentucky state employee, I had filed greivence s concerning the reason for the testing. The doctor gave information concerning an a 2002 MRI I had privately had done and I was not employed by the state at that time, how he got the information is beyond me, as I never signed a release and no one employed by the state knows about my 2002 MRI The doctor who order the fit for work test and a new MRI gave my medical information to the person in the chain of command who is mediating my grievence . I did not give the doctor my permission to give mediator any of my medical information. Is this a violation of my rights?

  • robin

    I am an LPN And I was out sick for a severe sinus infection and the day I called in it was discussed with the other staff members at the nurses station by my supervisor. She questions other staff members who had been to the same doctor if they had been written out for this before. She told them where I went to the doctor and who I saw. Is this a HIPPA violation and what can I do about it? Tthis is not the first time. time.

  • DA9

    I work for a state health care facility.My supervisor told a co-worker that I was out sick more then I was there. ( which by the way is NOT true). This co-worker does not even work in the same location that I work in. Is this a HIPPA Violation?

  • Vdegroot

    My boss went on a couple of tirades against me in front of two different groups of people on the same day, saying the most personal disrespectful and slanderous things. I ended up going to the hospital later that day because I couldn't stop crying after these violent outbursts. The ER doctor put me on medical leave Friday – Monday (3-day holiday weekend) and the HR department processed FMLA papers for the days I was on leave.
    My boss refused me to allow to return to work and I was eventually fired two weeks later.
    The day I went to the hospital my boss began calling people and telling them I had had a nervous breakdown, yelling at managers and such, and had to be fired. I have three people directly confirm to me that my boss personally told them I had a nervous breakdown. Presumably there are many others, as I was a very popular senior executive at the company and my sudden disappearance had to be explained somehow.
    HIPPA violation?

  • Smithsown

    Visitors are allowed in our ICU all the time. We give bedside report. Can bedside
    report be a hippa violations?

  • Sharry Baker

    Is it a violation of HIPAA if you work at a hospital and a family member ask you to look up the test results and you do so having their permission and giving the test results.

  • Faith Harwell

    i worked for a company i was fighting an appeal, and in the process of my investigation i had a hipaa violation, but i did not know tharts what i had until i was told. i feel a lack of education was the blame.

  • Carla Gebert

    Are you kidding? Of course it is a violation of HIPPA. Any information that you are not specifically privy to is not yours to look at. You may want to re-read the HIPPA regulations again for a refresher.

  • Tinawilson_2007

    long story short i had an atty violate my rights she told her friend who is a pt whos husband was one of the dr i work with who told my administrator who told human resource mgr who then told a coworker. what can i do

  • Valkyriegirl_1

    I was just discharged from my company stating i violated a hippa law, I accidentally sent a pmt reciept to a patient and didnt block the other names out. They are fighting me on unemployement now, did I really violate the hippa law?

  • ZumbaconJOSE

    I HOPE I CAN POSE A QUESTION:

    IF I WERE PROVIDING PROOF OF MY WORKLOAD TO AN EEO EMPLOYEE (THAT WORKS FOR THE FACILITY )THAT IS ASSISTING MY CASE, AND IT CONTAINS PT. NAME, AND MD.PROVIDER)., WOULD THIS BE A HIPAA VIOLATION? WOULD PROVIDING “ONLY” A PROVIDER (PHYISICIAN”S NAME) A HIPAA VIOLATION AS WELL?

    THANK YOU

  • maggie

     I was ask by my husband to make an appt for him in my department, so i went into his MR to see which doctor and what the reason was and to get his MR number , then realized that an appt was not needed twice. I do this on a daily basis with all my patients and was never told that was a hippa violation.  I was terminated 1 year after the incident and heard that other staff that did the same thing was not even terminated. Can you tell me if this is a hippa violation ?

  • Stillplayin42

    I work at a hospital. I am a Registered Nurse who attempt to call into work ill due to my medical condition. I was told by my Director I had no choice and had to come in, by the way I live 25 miles away. I did has I was told and went to work with numberous issue such has hitting the road work construction barrels. I arrive at work, walking in the parking lot and unable to get in the hospital. A fellow co-worker found me and helped me. The CNO of all people took me into the ER via a wheelchair. I had called my daughter or a close friend did and she was in the room with me. The ER doctor stated I was drunk and my daughter informed him I needed fluid and potassium ASAP. My husband also relayed that message to the er physician. But my Director decided to take it upon herself to my ER Room to find out what my problem  was as well as letting my Chief of Nursing Officer (CNO)  what my problems where. She took it upon herself to talk about my medical problems during nursing week infront of   fellow co-workers who some I didn’t even know.  I report this to our in the  hospital person who handles HIPPA violations. I don’t  have any answers or resolution to my problems. What do I do from here do I need a lawyer or where do I go from here. Sorry this is so long and answers??

  • disgustipated

    Here’s my story:

    My brother is currently prescribed suboxone for opiate addiction/dependence. He gets his suboxone prescription filled every month at a local CVS. A few days ago, a pharmacy technician at CVS (the pharmacy tech is friends with my ex wife) told my ex wife that my brother is on suboxone and that he gets them filled at the CVS where she is employed. Even though this has nothing to do with me, my ex is trying to use it against me. When I ask to see my kids and she does not want to comply, she accuses me of taking my brother’s suboxone. Yesterday she called griping for more money (child support is withheld from my paycheck already), and her accusation was that I could afford to pay her more money if I did not help my brother pay for his suboxone. The truth is that I do not take, nor do I help pay for my brother’s suboxone prescription. My ex wife is just grasping at straws. Furthermore, she is running her mouth and telling people around town that my brother is a pill head, etc.

    My question is:  Did not the pharmacy tech at CVS violate patient confidentiality laws when she told my ex what type of medication that my brother is on?  Do I or my brother have any recourse in this situation, aside from anger and frustration?  I have not informed my brother of the situation yet, but I’m sure he won’t be pleased to know that his personal info is being spread all over town because some pharmacy tech could not do her job and keep her mouth shut.

    Sorry about the length of my post, and any advice will be MUCH appreciated.

  • Sharlena16

    I was being seen by my Dr office, who had diagnosed me with a disability. I had spoke with a lawyer and they were curious how I got the disability. I went into my Dr office and had two friend with me. The Dr came into the room and after hearing thAT I was talking with a lawyer, she decided to say that I didn’t have a disability. I was very upset and asked to speak with some one else. A manager took me to get a print out of all my records. As I was in the room the girls at the front desk was talking about what was going on while my friends I’m the waiting room could hear everything. I ended up being removed from the Dr office and the police ended up speaking two me. While I was talking to the police officer with my two friends, the officer asked the security guard to go back to the Dr and request my prescriptions. The security guard came back to us and on three occasions told my friends that the prescriptions were narcotics.. has the Hillary law been broke..

  • Sharlena16

    Has the HIPPA law been broken?

  • angry

    My husband is on Suboxone and he went to the Dr. for his next appt 1 week early. He told the nurse that he was going out to town and that is why he needed to move up his appt. The nurse called his boss to verify that he was going to be on vacation from work and his boss said NO. My husband is now fired because of this phone call. Does the nurse have a right to talk to my boss?

  • embarassed

    I just had an incident with CVS two days ago.  When I went to pick up my prescription from the pharmacy the counter technician, after putting my prescriptions in the bag, took them out and without discretion repeated the name and dosage of each medication and asked me if that was right.  I can understand that she may have wanted to be sure I had everything, but there were people waiting for their prescriptions to be ready and other people on line.  Her voice was loud and heard by everyone.  I may change pharmacies because of this incident.  I was humiliated that she would share my prescription information with every one.  I don’t share my illness with anyone.  If you know my meds, you have an idea of my illness.

  • Zurinskyl

    Can you tell me if I was to send an email to a person intended for another person but the clients name  only is showing with no other information is that in violation of HIPAA?

  • Deanna

    I work in a hospital and was injured at work. I saw a workers comp doctor and told my boss what the doctor said. She apparently didnt believe the doctor and I overheard her discussing my case with a doctor from our facility who is not invovled with my workers comp claim. is this a violation of hippaa?

  • angry

    So if you know there was a HIPPA violation regarding your treatment and it was done maliciously then what? Can you sue and if so how do you go about it?

  • Some Nurse

    Dear Disgustipated,

    Let me start by saying how disappointing this story was to read.  Your frustration and anger are totally understandable.  

    I’d like to preface my comments by saying that I am not, by any stretch of the imagination, an expert on HIPAA or privacy/confidentiality in all healthcare-related arenas.  As an RN, I understand the theories of privacy laws in the general sense and I know the guidelines as they relate to my function as a nurse in the hospital setting (meaning, I cannot say with 100% certainty what the rules or guidelines are for pharmacy professionals).  Also, I’d like to make it clear that my assessment of this situation assumes that your ex-wife did, in fact, learn of your brother’s prescription in the manner you described and not in any other way.  

    That said, it does, indeed, sound as though your brother’s rights were violated.  At the very least, what the tech allegedly did was unethical, if not illegal, and, I suspect, most likely violates CVS company policy on privacy.  Unless your brother waived his rights in writing AND specifically authorized the pharmacy to provide your ex-wife with information, I cannot think of any justification for the tech to tell her anything about his prescription(s) or pharmacy purchases (even to confirm that he is a customer there).  

    As for what recourse either of you have, I’m afraid I have even less advice to offer.  By all means, you should report the incident to the store/pharmacy manager so that the employee can, at a minimum, be educated on the policies and so that the store can take appropriate disciplinary action.  I have heard of hospital employees being fired for simply accessing/reading patient files when they were, in no way, involved in that patient’s care.  However, unless your ex-wife confirms your story, the tech may not be punished at all, it just depends on CVS policy.  You’d have to consult an attorney to determine if and to what extent you or your brother have grounds for litigation.  By the way, many healthcare-related companies have confidential hotlines where callers can anonymously report suspected violations.  I hope this helps.  Good luck!

  • http://www.facebook.com/people/Lori-Heeren-Scribner/1023819945 Lori Heeren Scribner

    A family member was seeing a social worker and my name and contact information was given to this social worker. The social worker then gave my address to an individual I didn’t want to have my address. I was not the patient so would this still be a HIPPA violation.

  • Channine

    my doctor thought i was suicidal when i called crying asking if I can increase my new depression medication. The doctors office called the police to do a wellness check on me and gave the police my emergency contact’s phone number that I had listed in my demographics a call disclosing my status, was this a hipaa violation?

  • confused

    my boyfriend came with me to my baby dr’s appointment to see our first ultrasound. The doctor then asked me about my history of herpes. i havent told him yet (i know i should have) so the doctor told my information right in front of him. is that violating hippa or since i had him in there with me, she could say my information in front of him?

  • Sinuwell1

    My manager told another employee about a drug screening , is this a violation of hippa?

  • Richk3571

    A doctor performed a medical proceedure recently on a family memeber and confronted me in waiting area and openly discussed the medical proceedures in front of others, is this a violation? It left me angry and upset.

  • Fedup

    I am undergoing infertility treatment (have Always had an issue for many years) I conceived my 2 year old via infertility treatment and have decided to try for #2. I am using a new office since we recently moved. Last week when I had my visit I went with my child she was in her baby carriage. After I signed in, registered, and went to the billing line I was on my way to the main spacious waiting room when a gentleman approach’s me and asks me if he can speak with my in private and points for me to go into a room behind me. The room was literally 3×3 and as I mentioned I had my carriage so we were squashed but I was more concerned with what he wanted to discuss with me. Well, he glances at my carriage and begins to say how the patients here are struggling with infertility and they see me and my baby and get upset. I ADMIT when he first told me I completely understood because as I mentioned I struggled for years myself so I said I completely understand so then he says “ok so if you wouldn’t mind whenever you come in for a visit will you please sit in this room” (no TV, NO, Window… just a TINY room. He would let the nurses know that I was sitting in this room, closes the door and leaves.

    Ok so that’s not even the main issue, but as I sat there I couldn’t believe I had agreed!!! Suppose this child was my niece or I was babysitting! I was so angry at myself for allowing that!

    Ok, on my next visit I went with my husband, to make a long story short, they couldn’t find my paperwork that I signed, the appointment was scheduled for the following day we were early… and so on…
    We saw the dr & he went over our records & my husband has Hep C, so he instructed us that he needs letters from our doctors giving clearance to proceed safely. After we saw the Dr., since he couldn’t find the rest of my blood work, he asked us to go to another floor with him. So we all take the elevator, low and behold guess whose inside, the guy who asked me to wait in the tiny room so I tapped my husband to say that was him! Anyway we all exit the dr tells us, he will brb he was going to see if he could track them down. And there he went at it again…. He walks over to us, and says, “hey can I have a word with you guys over here…” And points towards that room.. I immediately stopped him and said, “no you cant, but thank you. I am waiting in this room like everybody else, I’m not sitting in a room I can barely fit in. I agreed with you last time you approached me and now I thought about it and I struggled myself for 13 years and will not hide from other women.” Of course he was SHOCKED and said he was just doing his job….

    Anyway, the Dr comes back and says he located the paperwork. He then proceeds to tell us, how “we need to bring letters in from our PCP for my husbands Hep C and That he will need a letter for me as well from my dr because he wants to make sure I do not contract the Hep C as well. Or else we cannot continue with the treatment cycle”
    Here is my question….. The doctor said this in the waiting room in front of patients & there was one sitting directly to his right! I was SOOOOO EMBARRESSED I wanted to die!!!! Between the patients in the office now knowing my husband has Hep C & I may contract and no less, I had my baby there so it was even worse feeling for me!!! And that guy approaching me about sitting out of the main area I wanted to cry! I felt like people were looking at us in disgust like we were the family of diseases!

    So, my question is…. do i have a case with the dr doing that? I am not sure if this is a HIPPA violation or perhaps something else. (btw I never went back for my appointment and when the nurse called me I told her everything I said above and her comment about the dr saying that was “oh that’s not acceptable”

    Any advice? Do I have a case ?

  • Nora

    Confused-

    I don’t know the exact wording, but I work with HIPAA compliance and know that if there is someone in the room with you that you wanted in the room, the doctor is able to speak openly about your medical details. Now if you made it clear you did not want your boyfriend in the room, or if the doctor discussed this in public, that would be a violation. Because your bf was in the office with you, it is considered reasonable (read: legal) to talk about your medical history. Basically it’s like this: doctors can discuss medical stuff with your family and friends if you, the patient, agrees OR, when given the opportunity, does not object. By having him in the room with you, you are “not objecting” to him knowing your medical details. I mean, after all, it is a medical check up… You should expect a doctor to discuss your medical history.

  • Tamika_dobbins

    what can happen to a pharmacist that violate hippe

  • worried sister

    my sister worked at a hospital and got terminated for accessing a patients file they claim for not a right to know it was part of her job to access these files and pull reports for doctors when asked to in doing this they had no policy or procedure for nothing to protect her the hospital or the patients from a hippa violation if a complaint was filed (no log or place to note why in the file and for whom and was to give information to whom ever called as long as they stated they was from a doctor’s office with no proof) she stated that she was just doing her job that was the only reason she would be a file at all they investigated this and showed that she did log into the files but nothing was printed or faxed out then terminated her for a class 3 hippa violation this dont seem right to me could she sue for wrongful termination? 

  • Janesmith

    At work a guy had been fired because he was selling prescription drugs,  just back from FMLA they call us into the office and ask us what medication we were taking, isn’t this a direct violation of the law?

  • Linda

    My daughter’s doctor’s office called and gave her test results to one of her co-workers, who then texted her the info. her husband and I are the only ones on her list to be given medical info to. Did the doctor’s office break the hippa law?

  • Joemikeococ

    Each time I go to my pharmacy to pick up my medication I here personal information about other customers….Like, kinds of medication, phone numbers, medical record numbers, reasons for medication, patient’s name, address or phone number, Doctor’s name, and other patient information…..the pharmacy has 4 windows going at once and at each pharmacy their behavior is similar.  My guess is the HIPPA laws aren’t effective under these conditions…what do you think?

  • gloria

    i was @ my chiropractors office for an adjustment…i didn’t have a co-pay but when i got to the front of the desk the girl in  the back office yelled out “you owe for the last 3 visits plus this one which is 40.00 for each visit….thats $160.00, i asked why she was just informing me of my co-pay now and she could have done it “professionally” the last 3 months i was there? i told the receptionist that i had to go get my purse from the car and the lady in the waiting room started laughing and said “watch the bitch leave”….i was pissed and totally humiliated by this…..is this considered a HIPPA violation?  

  • Kenneth g Varney-707-954-0431

    My name is Ken Varney with a clean record?In Del Norte County,C.A.,I was arrested  May 8,2011,Two months later not getting proper medical  while in jail.I had a stroke maybe 2 hours the jailer”s knowing something was wrong left in a wheel chair .They said you better not by faulting a stroke,while in kicking and shacking not ably to talk with flashligts in my eyes.The next morning in the Hospital kn know not under

  • Waters

    My husband was recently dismissed from a hospital, & he was given dismissal instructions , but the last three pages were on another patient. They were actually medical history & etc. We have contacted the hospital numerous times to discussed this incident, but have not been called back We feel like this was a hippa violation.

  • http://www.webhostings.in/ Web Hosting Provider

    Great and unique contents you have shared here and these great writers thoughts i got here..

  • BUNNY

    IS IT A VIOLATION IF A PHARMACIST SHARES INFORMATION WITH A DOCTOR ABOUT MEDICATION THAT IS BEING PROVIDED TO A PATIENT BY ANOTHER DOCTOR?

  • Xxlexybobexyxx

    is it a violation of HIPPA if i said nursing homes name and that someone pooped and it splattered on my shoe to a classmate? i didnt say anyones name besides the facilities

  • Longus2nd

    My job requires me to have a physical every year.  My boss is given a complete copy of my physical and he says it isn’t a violation because he pays for it.  I know the law requires him to pay for it so I feel it is a violation my the doctor and my boss.  I’ve called several federal agencies and local agencies but get the run around.  Any advice as what I should do?  Thanks

Older Comments

Previous post:

Next post: