A small pharmacy, Cornell Prescription Pharmacy, in Denver, Colorado is being fined for HIPAA violations. The pharmacy is a small, single location business that will have to pay $125,000 in fees and fines for large HIPAA violations. They have been violating the HIPAA privacy rule. The local media found out about the violations and reported it. That report drew the attention of the HHS Office for Civil Rights, which launched an immediate investigation. The local media had reported that the pharmacy was disposing of patient records in an open container on the premises. The records contained large amounts of patient health information.
The violation put the information of 1,610 patients at risk. The OCR discovered that the media reports had been correct and found the pharmacy in violation of the Privacy rule on multiple accounts. They also discovered that the pharmacy had failed to enforce any of the policies and procedures required by the Privacy Rule. Additionally, they didn’t provide any training to employees on the privacy rule requirements and procedures.
This is the first action of the OCR in 2015. There were six settlements similar to this one in the 2014 business year. Overall, this is the 24th action that the OCR has enforced so far. With the increasing number of breaches occurring, the OCR is taking HIPAA violations more and more seriously.