Skip to main content
Toggle Menu of ADA WebSites
ADA Websites
Partnerships and Commissions
Toggle Search Area
Toggle Menu
e-mail Print Share

Denver pharmacy pays $125,000 to settle potential HIPAA violations

May 12, 2015 A Denver pharmacy will pay the federal government $125,000 to settle potential HIPAA violations after unsecured patient documents were found in an unlocked, open container.

Cornell Prescription Pharmacy will also adopt a corrective action plan to correct deficiencies in its Health Insurance Portability and Accountability Act compliance program, according to the Office for Civil Rights, the U.S. Department of Health and Human Services division that enforces HIPAA. Cornell is a small, single-location pharmacy that provides in-store and prescription services to patients in the Denver metropolitan area, specializing in compounded medications and services for hospice care agencies in the area.

OCR opened a compliance review and investigation after receiving notification from a local Denver news outlet regarding the disposal of unsecured documents containing the protected health information of 1,610 patients in an unlocked, open container on Cornell's premises. The documents were not shredded and contained identifiable information regarding specific patients, according to an OCR news release.

Evidence obtained by OCR during its investigation revealed Cornell's failure to implement any written policies and procedures as required by the HIPAA Privacy Rule, according to OCR. The federal agency also stated that the pharmacy also failed to provide training on policies and procedures to its workforce, another requirement of the Privacy Rule.

"Regardless of size, organizations cannot abandon protected health information or dispose of it in dumpsters or other containers that are accessible by the public or other unauthorized persons," OCR Director Jocelyn Samuels said in a news release. "Even in our increasingly electronic world, it is critical that policies and procedures be in place for secure disposal of patient information, whether that information is in electronic form or on paper."

To learn more about what dentists can do in their practice to protect themselves against HIPAA violations, visit or search for "HIPAA" on the ADA Center for Professional Success website at To learn more about what OCR has to say about HIPAA, visit

The ADA Complete HIPAA Compliance Kit has tools to help dentists design and implement a comprehensive HIPAA Compliance program. The kit (J598) includes The ADA Practical Guide to HIPAA Compliance: Privacy and Security Manual with three-year update service and The ADA Practical Guide to HIPAA Training CD-ROM.  It's available at for members for $300 and retails for $450.