Skip to content
Awareity
Awareity

The Pre-Incident Prevention Experts

Primary Navigation Menu
Menu
  • Home
  • About
    • About
    • Awareity Butterfly Effect
    • Contact
    • Support
  • Solutions
    • Information Security Training
      • Information Security Awareness Training
      • Awareness and Accountability Vault (AAV)
    • Prevention and Connecting the Dots Platform
    • First Preventers Framework
    • Prevention and GAP Assessment
    • Threat Assessment Teams
    • Climate Surveys
    • Partners in Prevention
    • Industries
      • K12
      • Higher Education
      • Diocese
      • Healthcare
      • Government
      • Corporate
  • Blog
  • Info Request

Rite Aid – HIPAA Violation – Lessons Learned Not Implemented

By: Awareity
On: August 12, 2010

 

Did everyone see this ultimate lesson regarding lessons learned but not implemented?

Remember back in February 2009 when the Federal Trade Commission (FTC) issued a settlement against CVS Caremark?  According to the settlement, CVS Caremark violated the HIPAA privacy rule and the FTC Act when some of its stores improperly disposed of prescription information and pill bottles that had patient information on them.  The settlement resulted in a $2.25 million fine and they must ensure their security program meets the standards of the settlement [including ongoing audits] for the next 20 years.

Now roll the clock ahead to July 2010 and another pharmacy chain – Rite Aid Corp. – has agreed to pay a $1 million fine because they violated the HIPAA privacy rule and the FTC Act when some if its stores improperly disposed of prescription information in dumpsters.

The HHS settlement against Rite Aid requires their pharmacies to:

  • Establish policies and procedures for disposing protected health information and sanctioning workers who do not follow them;
  • Create a training program for disposing of patient information;
  • Conduct internal monitoring;
  • Obtain an independent assessment of its compliance for three years.

 

The FTC settlement against Rite Aid requires the company to:

  • Establish a comprehensive information security program designed to protect the security, confidentiality and integrity of the personal information it collects from consumers and employees;
  • Obtain, every two years for the next 20 years, an audit from a qualified independent third-party professional to ensure that its security program meets the standards of the settlement.

 

For lessons learned to become lessons implemented, organizations must ensure that their program [security, privacy, compliance, risk management, etc.] is clearly defined, communicated, acknowledged by all appropriate personnel, documented, updated and maintained on an ongoing basis.

Unfortunately most programs are just pushed out on portals, intranets and shared drives or blasted out in binders, e-mails and memorandums.

Albert Einstein said it best:

“Insanity is doing the same thing over and over again and expecting different results.”

Are you and your organization doing the same thing over and over again and expecting different results?

2010-08-12
Previous Post: Blueprints Do Not Build Skyscrapers
Next Post: Are Your Security Cameras Mobile, Capable of Making Incident Reports?

READ MORE:

WATCH MORE:

Not seeing the form to request information? Drop us a line and we’ll send you more information!

Recent Blog Posts

Higher Ed Research facts, silos, and different actions

April 10, 2025

Community Research facts, silos, and different actions

April 10, 2025

K12 Research facts, silos, and different actions

April 3, 2025

Bias-based Decisions Can Be Overcome

December 4, 2024

First Preventers Believe…

October 18, 2024

Rick Shaw, Founder & CEO

Click here to learn more about Founder, CEO, and Prevention Specialist, Rick Shaw.

Awareity on Twitter

Tweets by Awareity

Search

Tweets by Awareity

Support

Need more information on
Support for AAV or TIPS?

Click here

What are you looking for?

Connect the Dots With Us!

 | |

Designed using Dispatch Premium. Powered by WordPress.

This site uses cookies to ensure that we give you the best experience on our website. Continuing to use this site means you are agreeing to the use of cookies.Ok