• E-mail
• Print
• RSS

Rite Aid's settlement second largest regarding HIPAA violations

HIPAA Weekly Advisor, August 2, 2010

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

Rite Aid Corporation could have avoided a $1 million fine by simply enforcing its HIPAA policies and procedures and providing ongoing staff training, experts say.

Rite Aid, of East Pennsboro Township, PA, and its 40 affiliated entities agreed to pay the Department of Health and Human Services (HHS) $1 million for potential HIPAA privacy violations in a settlement announced by HHS July 27.

An investigation by the Office for Civil Rights (OCR), which enforces the HIPAA privacy and security rules for HHS, revealed the pharmacies disposed of pill bottles and prescriptions that included protected health information (PHI) in trash containers without proper safeguards.

Rite Aid, the nation’s third largest pharmacy, also signed a consent order with the Federal Trade Commission (FTC) to settle potential violations of the FTC Act and agreed to report compliance efforts to the FTC for 20 years.

Rite Aid’s settlement is the second largest of its kind.

Just shy of 18 months ago, the nation’s second largest pharmacy, CVS Caremark Corp., agreed to pay $2.25 million for nearly identical potential HIPAA violations affecting millions of customers. It also improperly disposed of patient information, such as pill bottle labels, in public trash containers.

Read more on HIPAA Update.

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• E-mail to a Colleague
• Print
• RSS
• Archive