Joseph Fenity

June l,20l5

Department arHeelth and Human Servtces
omce tor Clle 

l30l Young Street Sutte I to?

Dallas, Texas 75202

On September 22, 20l 4 my pharmacy beneht manager and lnsurznce
provlder CVS/caremark lalso known as Caremark, Caremark, Healthl vlolzted the
Health lnsurance and Act of 19% when my protected health
rnrorrnatton was breached my at least one CVS/caremark Customer Care employee

lt Is my that my lnformatlon was lnapproprlately accessed by an
unauthorlzed CVS agent ln September 2014. On or around the date of September 22,
2014 my pnvate health data was then further breached on a much larger scale -- when the
call center agent made an unfortunate declslon to dlssemlnate the HIPAA-
protected lnformatlon to several other unauthorlzed 

On a patent and member level, CVS/caremark has yet to rorrnally nottry me or 
vlolatlon. how thelr data breach eventually became and how my
prlvate electronlc health records be protected bythe company golng forward

ln October 2014 CVS/caremark led me to belleve egreglous transgresslon was
taken senously, the vlolztlon had been reported and handled appropnately, and that no
further actlon was necessary However, the first and only correspondence sentto
me on behalf of CVS ln regards to matter - a letter dated Aprll14, 2015 and recelved
vla us. Mall It became apparentto me that whrle pnvacy vlolztlon may have been
handled lrlterrlally, lt was neverrormally reported to your orhce as requlred by law

The purpose of letter lS to ensure that your office has recelved the proper report and
documentatlon from CVS Health regards to senous and vlolatlon.

Please do not ln me lf any further lnformatlon from me lS needed

Slncerely.

Joseph Fenlty