The National Community Pharmacists Association (NCPA) and seven consumer advocacy groups have requested that the FTC and the Department of Health and Human Services to investigate activities by CVS Caremark that may violate HIPAA. In a letter filed with the FTC and HHS, the organizations alleged that CVS Caremark used health information in violation of healthy privacy and antitrust laws. CVS Caremark was created from the 2007 merger of the pharmacy CVS and the pharmacy benefits manager Caremark Corp. The letter alleges, among other things, that CVS Caremark uses the information it obtains from non-CVS pharmacies through its pharmacy benefits management program to market the CVS mail-order pharmacy and CVS in-store pharmacy programs to those consumers–an inappropriate use of protected health information.
CVS Caremark recently settled an action with the FTC regarding its data security practices.
Additional coverage of the story is available here.