Unsecured industrial trash containers outside certain stores, is no place to dispose of privacy-protected patient information, as CVS and CVS Caremark, Corp. (the parent chain) have learned. In coordinated investigations and actions, the FTC and Office of Civil Rights found that "CVS failed to implement adequate policies and procedures to appropriately safeguard patient information during the disposal process; and CVS failed to adequately train employees on how to dispose of such information properly". CVS and CVS Caremark signed resolution agreements with the FTC and HHS involving $2.25 million dollar resolution amounts and commitments by CVS and CVS Caremark.
Clicking on the title above will bring up the HHS Resolution Agreement and Corrective Action Plan. OCR's new FAQs concerning disposal of protected health information can be found at http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/disposalfaqs.pdf while information about the FTC Consent Order agreement can be found at www.ftc.gov.
Thursday, February 19, 2009
Subscribe to:
Post Comments (Atom)
Posts
No comments:
Post a Comment