What are the Penalties When Pharmacies Violate HIPAA Rules?

HIPAA Regulations

Whether you have a large or small business, if you’re engaged in the healthcare industry, HIPAA compliance is a must. Any failure to protect the confidentiality, integrity and availability of PHI can result to undesirable consequences. Several pharmacies have already received penalties over the past few years because of HIPAA violations. Penalties for HIPAA violations do not only mean paying fines. Violating the regulations can also cause a serious damage in the reputation of the pharmacy.

The Department of Health and Human Services’ Office for Civil Rights increased its efforts in enforcing HIPAA Rules in the past two years. This resulted to a rise in the number of fines and settlements over HIPAA violations received by OCR. The HHS’ Office for Civil Rights had issued fines to violating covered entities up to $1.5 million per violation category per year.

State attorneys general also took more action over privacy breaches in recent years. There were more financial settlements received from covered entities that exposed or impermissibly disclosed PHI.  Fines up to $250,000 may be issued by state attorneys general when the same violations are repeated in one year. 

Some of the high profile violations involving pharmacies in the past are listed below:

  • CVS Pharmacy made settlements with OCR for HIPAA violations in the amount of $2.25 million in 2009. The violation involved the improper disposal of prescription bottles and receipts.
  • Rite Aid Corp paid OCR the settlement amount of $1 million in 2010. The HIPAA violation involved improper disposal of PHI.
  • Walgreens paid a fine amounting to $1.4 million in 2014 because of impermissible disclosure of PHI. A pharmacist was discovered to have shared the PHI of a patient with her husband and three other persons.
  • Cornell Pharmacy, which is located in Denver, paid a $125,000 fine in 2015 for the improper disposal of PHI.
About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/