I have been following this case from the beginning and wondering why the heck HHS didn’t come down on Walgreens like they did on their competitors CVS and RiteAid. And now we learn that OCR just closed the case with no penalty? Seriously? So CVS and RiteAid get clobbered by both the FTC and HHS/OCR, and Walgreens…. nothing other than throwing the issue into a larger environmental case?
WTHR, who first made the public aware of the problem with Walgreens’ privacy and data security, reports:
A decade after WTHR exposed the county’s largest pharmacy chains failed to protect their customers’ sensitive healthcare information, 13 Investigates has learned government regulators have quietly closed their investigation into improper trash disposal practices by Walgreens.
The government’s decision – announced in an e-mail to WTHR – means Walgreens will not face any federal penalty despite repeatedly violating federal law and jeopardizing customer privacy in the same manner that resulted in record-setting fines against its largest competitors.
Read more on WTHR, who did a tremendous public service via their original investigative reporting in 2006, and their follow-ups on this issue. It’s a damned shame that OCR did not impose a monetary penalty as a reminder to entities that disposal of paper records matters.