CVS's Expensive Trash

By: Awareity
On: February 26, 2009

I recently blogged about Veterans Affairs and the lost laptop that cost Veterans Affairs (taxpayers) $20M to settle a lawsuit against them. Now we have some very expensive trash.

Attention all public and private organizational leaders! Did you see the FTC charges released last week against CVS Caremark Corporation? Failing to establish, implement and maintain a comprehensive information security program that protects the security, confidentiality, and integrity of the personal information an organization collects from consumers and its employees is expensive! The FTC order requires CVS to pay $2.25 million to HHS to settle HIPAA violations, and CVS is required to obtain independent, third-party audits every two years for the next 20 years.

I would strongly encourage all executive management personnel to take a few minutes to review the information and then immediately use CVS’s lesson learned to proactively assess your organization’s information security and privacy practices: policies, procedures, processes, etc.

The FTC Complaint noted CVS employees were discarding materials containing personal information in clear readable text in unsecured, publicly-accessible trash dumpsters on numerous occasions and at multiple CVS Pharmacy locations.  Materials included prescriptions, prescription bottles, pharmacy labels, computer printouts, prescription purchase funds, credit card receipts, and employee records.

According to the FTC Complaint, CVS Pharmacies failed to (1) implement policies and procedures to dispose securely of such information, including, but not limited to, policies and procedures to render the information unreadable in the course of disposal; (2) adequately train employees to dispose securely of such information; (3) use reasonable measures to assess compliance with its established policies and procedures for the disposal of such information; or (4) employ a reasonable process for discovering and remedying risks to such information.

Unfortunately, most organizational leaders will not take the time to understand what this FTC order really means and will not use the FTC order to help their organization. For example, many organizations do not have a reasonable process for discovering and remedying risks and have no way to measure or assess whether employees understand or are in compliance with established policies and procedures. Too many organizations say “we have policies and procedures”, but they have no way to implement and maintain the policies and procedures as situations and risks change, because most organizations think once-a-year “event” training is good enough, which is definitely not the case and can be very expensive to your organization.

FTC Charges

FTC Complaint
