Sufferers of CVS Caremark Data Breach Pursuing Class Action Complaint

March 30, 2018


It is supposed that healthcare data breach that saw the PHI of customers of CVS Caremark affected has led to a lawsuit against CVS, Caremark, and its dispatching supplier, Fiserv.

The lawsuit, which was presented in Ohio federal court on March 21, 2018, relates to a supposed secrecy breach that occurred because of an error that affected a July/August 2017 posting broadcast sent to nearly 6,000 patients.

In July 2017, CVS Caremark was employed to administer as the pharmacy benefits administrator for the Ohio HIV Drug Assistance Program (PhDAP), and according to that program, CVS Caremark provides entitled patients with HIV medicines and communicates with them about medicines.

In July/August 2017, CSV Caremark’s posting contractor Fiserve delivered letters to patients having their membership cards and data concerning how they might get their HIV medicines.

In the legal action, the grievance asserts HIV-related data was clearly noticeable through the plastic windows of the covers, letting the data to be viewed by mail service employees, family members, and roommates. It is asserted the posting led to the disclosing of the recipient’s HIV position.

According to the Ohio Division of Health policies, information that pertains to HIV should only be transmitted in non-window covers. The posting would have breached those policies and the Health Information Portability and Accountability Act (HIPAA) Laws.

Such a HIPAA violation must be informed to the Division of Health and Human Services’ Office for Civil Rights (OCR) within 60 days of detection of the breach; nevertheless, the petitioner claims no breach report was filed to OCR and warnings were not sent to affected people – An additional breach of HIPAA Laws.

Plaintiffs are indicting for punitive and compensatory harms and coverage of their legal expenditures.

There have been more breaches of HIV information over the last while, including a posting error by a dealer of Aetna. In that instance, HIV-related data might be viewed through the clear plastic windows of covers in a posting to 12,000 people. Aetna resolved a class action court case submitted on behalf of sufferers of the HIPAA violation for $17,161,200 and is presently indicting its posting supplier to recover the expenditures. The New York Attorney General also penalized Aetna in relation to the breach and resolved that case for an amount of $1.15 million.