ProPublica: CVS repeatedly violated HIPAA

CVS HEALTH customers had complained to the company about a range of privacy violations, according to a ProPublica article.
CVS HEALTH customers had complained to the company about a range of privacy violations, according to a ProPublica article.

WOONSOCKET – A CVS Health Corp. spokesman said Wednesday that a San Antonio call center employee was fired after a former employee complained that his private information was inappropriately shared.
The complaint, according to the nonprofit news organization ProPublica, was filed by former CVS employee Joseph Fenity.
CVS spokesman Mike DeAngelis said in an emailed statement that the complaint about the 2014 incident was “fully investigated” by the company.
“We determined that although no information about Mr. Fenity’s health condition or any specific medications he was taking was shared, the employee who engaged in that behavior was fired,” DeAngelis wrote.
“Employees who work in this call center are obligated by the terms of their employment to maintain the confidentiality of any patient information, including that of CVS Health employees, they may have access to as part of their normal scope of work. Employees who express any concern about speaking to call center representatives about their pharmacy care have the option to be assigned to a single, dedicated representative who is the only representative authorized to access their prescription account. Following Mr. Fenity’s incident, this option was offered to him, which he accepted,” DeAngelis continued.

He said protecting private information and the confidentiality of those the company serves are conditions of employment at CVS Health.
“All 200,000 of our employees working in our pharmacies, retail medical clinics, call centers and other facilities around the country are required to complete formal training on compliance with our privacy policies and procedures when they are hired, and annually thereafter. In addition, job-specific training on privacy practices occurs on a regular basis,” DeAngelis said. “Those who intentionally violate our privacy requirements and safeguards are subject to the termination of their employment. This would include the viewing of an individual’s prescription records without a legitimate business need to do so.”
CVS is among hundreds of health providers nationwide that repeatedly violated the federal patient privacy law known as HIPAA between 2011 and 2014, a ProPublica analysis of federal data revealed.

The ProPublica article said that CVS Health customers had complained to the company about a range of privacy violations, including a customer’s medication wrongly delivered to a neighbor, revealing he had cancer, and a pharmacist yelling personal information across the counter.
Fenity, according to the article, worked on a team at CVS Health that dealt with complaints directed to the company president’s office.

The breach involving Fenity occurred in September 2014, when he was unable to refill a prescription for a controlled substance — a medication to treat Attention Deficit Hyperactivity Disorder — at a CVS pharmacy. The article said he called the company’s helpline – as required – for permission to get the drug somewhere else.
All CVS employee calls were routed to the center in San Antonio where Fenity worked.
“Walking down a hall a couple of days later, Fenity heard the co-worker mention his name and the medical lingo used to describe controlled substance overrides. Deeply shaken, he told a supervisor, and, after investigating, the company fired the co-worker and counseled two others who were told the information,” the article stated.

- Advertisement -

No posts to display