BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

CVS Caremark has agreed to settle Federal Trade Commission charges

From: lyger <lyger () attrition org>
Date: Wed, 18 Feb 2009 16:53:03 +0000 (UTC)

http://7thspace.com/headlines/303909/cvs_caremark_has_agreed_to_settle_federal_trade_commission_charges.html

CVS Caremark has agreed to settle Federal Trade Commission charges that it 
failed to take reasonable and appropriate security measures to protect the 
sensitive financial and medical information of its customers and 
employees, in violation of federal law. In a separate but related 
agreement, the company.s pharmacy chain also has agreed to pay $2.25 
million to resolve Department of Health and Human Services allegations 
that it violated the Health Insurance Portability and Accountability Act 
(HIPAA).

"This is a case that will restore appropriate privacy protections to tens 
of millions of people across the country," said William E. Kovacic, 
Chairman of the Federal Trade Commission. "It also sends a strong message 
to other organizations that possess consumers' protected personal 
information. They are required to secure consumers' private information."

CVS Caremark operates the largest pharmacy chain in the United States, 
with more than 6,300 retail outlets and online and mail-order pharmacy 
businesses.

The FTC opened its investigation into CVS Caremark following media reports 
from around the country that its pharmacies were throwing trash into open 
dumpsters that contained pill bottles with patient names, addresses, 
prescribing physicians. names, medication and dosages; medication 
instruction sheets with personal information; computer order information 
from the pharmacies, including consumers. personal information; employment 
applications, including social security numbers; payroll information; and 
credit card and insurance card information, including, in some cases, 
account numbers and driver.s license numbers. At the same time, HHS opened 
its investigation into the pharmacies. disposal of health information 
protected by HIPAA. The FTC and HHS coordinated their investigations and 
settlements.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

CREDANT Technologies, a leader in data security, offers advanced data encryption solutions.
Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently 
across your enterprise to ensure regulatory compliance.
http://www.credant.com/stopdataloss
Previous By Date Next
Previous By Thread Next

Current thread: