Lawsuit alleges CVS Caremark violates HIPAA

As if CVS hasn’t already had enough trouble with the FTC and HHS, now six pharmacies in Texas are suing CVS Caremark. As Health Data Management reports, the pharmacies allege that the pharmacy chain and mail-order pharmacy benefit management firm have engaged in racketeering under the federal RICO law, trade secret misappropriation, and — most importantly for the purposes of this blog — violations of the HIPAA privacy rule:

The suit alleges privacy violations that started only months after the CVS/pharmacy unit of CVS Caremark in early 2009 agreed to pay a $2.25 million fine and institute corrective action plans following a federal government investigation of potential HIPAA violations.

The plaintiffs are members of American Pharmacies, a Corpus Christi, Texas-based pharmacy wholesale buying organization that is financing the lawsuit. The suit alleges that Woonsocket, R.I.-based CVS Caremark is violating a Federal Trade Commission-mandated firewall between its community pharmacy and pharmacy benefit management business units.

Rather, CVS Caremark has built an information technology platform that straddles all its business segments to collect and analyze patient data for marketing and other purposes in violation of the privacy rule, the suit alleges.

Read more on Health Data Management.

About the author: Dissent