Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
CVS Health
Reported a breach of medical information involving at least 500 people to the U.S. Department of Health and Human Services, Office for Civil Rights; the report was received on July 2, 2013. Also cited in 226 other reports.
Report ID: AZ027, U.S. Department of Health and Human Services, Office for Civil Rights
Reported Entity: CVS Caremark
Issue:
Business associate (BA) employees erroneously sent 4,305 health plan members' protected health information (PHI) to other plan members. The PHI involved in the breach included names and prescribed medication(s). The covered entity, Northrop Grumman Retiree Health Plan, provided breach notification to HHS, and the BA, CVS Caremark, provided breach notification to affected individuals and the media. Following the breach, the BA revised its quality control policies for targeted mailings and retrained employees involved in the breach to prevent similar incidents in the future. OCR obtained assurances that the BA implemented the breach notification and policy revisions listed above.