Hundreds of health providers nationwide repeatedly violated HIPAA between 2011 and 2014, according to a recent ProPublica analysis of federal data.
The analysis shows the following health providers had the most privacy complaints that resulted in either corrective-action plans submitted by a health provider or "technical assistance" provided by HHS' Office for Civil Rights on how to comply with the law.
1. U.S. Department of Veterans Affairs — 220 complaints
2. CVS Health — 204 complaints
3. Walgreens — 183 complaints
4. Kaiser Permanente (Oakland, Calif.) —146 complaints
5. Walmart — 71 complaints
6. LabCorp — 58 complaints
7. Quest Diagnostics — 55 complaints
8. Express Scripts —51 complaints
9. Rite Aid — 48 complaints
10. United Healthcare — 43 complaints
According to ProPublica, warnings are given out privately, but sanctions are rarely imposed for these providers that violate HIPAA. For example, in more than 200 instances between 2011 and 2014, the Office for Civil Rights reminded CVS of its obligations under the law or accepted its pledges to improve privacy protections. ProPublica notes CVS did pay a $2.25 million penalty in 2009 for dumping prescription bottles in unsecured dumpsters.
The companies said they take privacy seriously, according to ProPublica.
More articles on health IT:
9 hospitals, health systems seeking Cerner, Epic talent
Data breaches in 2016: What can we expect?
Five ways data will disrupt healthcare in 2016