Cornell Prescription Pharmacy, a small, single-location business in Denver, will pay a $125,000 settlement fine and adopt a corrective action plan for failure to comply with the HIPAA privacy rule since its compliance date in 2003.

The pharmacy reached a resolution agreement with the HHS Office for Civil Rights after local media in Denver reported that paper records containing protected health information for 1,610 patients was disposed of in an open container on the premises.

Also SeeNew HHS Meaningful Use Security Audits: What You Need to Know

“Evidence obtained by OCR during its investigation revealed Cornell’s failure to implement any written policies and procedures as required by the HIPAA Privacy Rule,” according to an OCR announcement. “Cornell also failed to provide training on policies and procedures to its workforce as required by the Privacy Rule.”

The sanction against the pharmacy is the 24th resolution agreement with a civil monetary penalty that OCR has imposed on organizations that demonstrated blatant disregard for the HIPAA privacy and security rules. It is the first such action taken in 2015 following six settlements in 2014. The resolution agreement and corrective action plan are available here.

This article courtesy of Information Management's sister site, HealthData Management.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access