HIPAA Horror Stories

The Deficient Druggist

one-minute read

A tiny Colorado pharmacy breaches Privacy Rule and pays big bucks.

When it comes to the Privacy Rule, being small is no defense.

A tiny, single-location pharmacy was hit with a big federal fine when protected health information was discovered in a bin, visible to anyone.

The Privacy Rule holds big and small businesses to the same standard

Cornell Prescription Pharmacy, a Denver, Colorado, druggist providing walk-in retail services to the public, paid a $125,000 penalty after a local news crew reported patient health data in a public space at pharmacy.

Upon investigation, the Office for Civil Rights (OCR) discovered that 1,610 patients’ protected health information (PHI) had been placed in an unlocked, open container on Cornell’s premises.

The OCR is the investigative agency of the U.S. Department of Health and Human Services responsible for investigating Health Insurance Portability and Accountability Act (HIPAA) violations.

The documents had not been shredded and contained personally identifiable details in violation of the HIPAA Privacy Rule, which is the part of the law that prohibits unauthorized access to patient medical information.

Patient Data Breach leads to more Privacy Rule violations.

During its investigation, the OCR also discovered Cornell had failed to train employees in the Privacy Rule standard practices, as required by HIPAA rules.

In addition to the $125,000 settlement, Cornell was forced to follow the details of a resolution agreement. The details of the resolution agreement include comprehensive employee privacy training and a plan to follow the HIPAA Privacy Rule.

How would you fare in a Privacy Rule investigation?

Look around your office. Look in your trash bins and around the copier. Is protected patient health information within view or reach of unauthorized people?

Remember, if a single pharmacy can be targeted in a HIPAA Privacy Rule Breach investigation, so can you.

We can help.

The HIPAA E-Tool® makes compliance fast and easy. Get your free HIPAA Quick Start kit, complete with a webcam privacy guard, HIPAA Hot Zone labels and a HIPAA checklist delivered directly to your office.

Don’t become a HIPAA Horror Story! HIPAA compliance is easy, when you know the rules.

Request A Demo

Copyright © 2020 ET&C Group LLC.

The HIPAA E-Tool® and Protecting Patient Privacy is Our Job®
are registered trademarks of ET&C Group LLC

Terms of Service | Privacy Policy

Powered by JEMSU

Mailing Address
The HIPAA E-Tool
PO Box 179104
St. Louis, MO 63117-9104

8820 Ladue Road Suite 200
Saint Louis, MO 63124

You may have questions about COVID-19 and HIPAA. We have answers. 

We are open and answering questions about all the new modifications and waivers, coming from HHS, OCR, CMS, and the new CARES act.

If you need help with HIPAA during the COVID-19 pandemic, fill in the form, and we’ll get back to you.

Free hipaa kit!

hipaa compliance Quick start kit
Delivered free