CVS Health’s Potential HIPAA Violation in Using Patient Data for Political Advocacy

By Daniel Lopez

CVS Health is being investigated for a potential HIPAA violation over its alleged use of patient information to lobby against a Louisiana state bill that may impact its business. The bill in question is House Bill 358 (HB 358), which proposed changes to existing pharmacy regulations in Louisiana. One proposed change would ban state providers from operating as individual pharmacies and pharmacy benefit managers (PBMs).

A pharmacy benefit manager is a middleman between pharmaceutical firms and pharmacies that negotiates prices with the pharmaceutical firms on behalf of businesses and health plans. PBMs usually also run pharmacy networks and manage mail-order pharmacies. PBMs are being scrutinized for their business tactics. The Federal Trade Commission (FTC) has claimed that big PBMs increased drug prices to boost company profits by negotiating lower prices from pharmaceutical firms and then raising drug prices at their pharmacies. According to an FTC report from the beginning of 2025, from 2017 to 2022, CVS Health’s CVS Caremark, UnitedHealth Group’s Optum, and Cigna’s Express Scripts raised the costs of medicines for cancer, heart disease, and HIV at their partner pharmacies, increasing profits by $7.3 billion above the purchase costs of the medicines.

Some states have approved legislation to control PBMs and restrict their control over medication prices, and decreasing the costs of medicines is a Trump administration priority. CVS Health and Cigna took legal action seeking to overturn related legislation enforced in Arkansas, and CVS Health allegedly tried to hinder the approval of HB 358 in Louisiana. If the bill is approved, CVS Health, which operates the PBM CVS Caremark as well as 119 CVS pharmacies in Louisiana, will be seriously affected.

Louisiana Attorney General Liz Murrill investigated CVS Health after getting reports that the company sent a large number of SMS messages to state workers and their families to lobby against the proposed law. One SMS told recipients that if the bill becomes law, CVS Pharmacy may shut down, medicine costs could go up, and its pharmacists could lose their jobs.

The SMS included a URL to a draft letter to legislators asking them to reject the legislation. The letter stated that the proposed legislation would stop the shipping of medications to the homes of Louisiana patients. It also stated that the pharmacies would be barred from serving patients with illnesses that need specialty pharmacy care and treatment of life-threatening conditions, such as cancer or organ transplants, and that this disruption to patient services would have serious consequences. CVS Health denies that it used lies and scare tactics to hinder the bill.

CVS Health is facing three lawsuits filed by AG Murrill alleging unfair, deceitful, and illegal practices that have hurt Louisiana patients, pharmacies, and the general public. CVS Health representative Amy Thibault said the bill was presented without a public hearing, so the company took the responsibility to advise its customers about the misguided legislation that would hurt their trusted pharmacy.

Currently, two Republican legislators are investigating the allegations that patient records were used for lobbying, possibly in violation of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. A letter from James Comer (R-KY), Chairman of the House Committee on Oversight and Government Reform, and Clay Higgins (R-LA), Chairman of the Subcommittee on Federal Law Enforcement, to CVS Health CEO and President David Joyner asked about the use of patient data for lobbying against HB 358. The lawmakers stated in the letter that under the HIPAA Privacy Rule, patient data cannot be used for lobbying or political advocacy; in such cases, patient authorization is necessary. It appears that CVS Health pharmacies used their mass-texting functionality for notifying patients about prescription updates in a way that potentially violated HIPAA. The lawmakers are expecting a response on or before September 18, 2025.

Image credit: khairul hadi, AdobeStock / logo©CVSHealth


Daniel Lopez is the HIPAA trainer behind HIPAA Coach and the HIPAA subject matter expert for NetSec.news. Daniel has over 10 years of experience as a HIPAA coach. He contributes his HIPAA expertise to several publications, including Healthcare IT Journal and The HIPAA Guide. Daniel studied Health Information Management before focusing his career on HIPAA compliance and protecting patient privacy. You can follow Daniel on Twitter / X: https://twitter.com/DanielLHIPAA