CVS Under Fire for Using Patient Information for Lobbying Activities

The U.S. House of Representatives Committee on Oversight and Government Reform recently sent a letter to the President and CEO of CVS Health, expressing its concern about CVS’s “use of confidential patient information on June 11, 2025, to send a ‘mass text message’ to thousands of Louisiana CVS customers, including state employee members of the Office of Group Benefits (OGB), for the purpose of influencing Louisiana legislators.” Further, the “text message campaign raises ethical and potential legal issues if indeed CVS Pharmacy used confidential patient information, obtained through a state contract, to lobby against H.B. 358.” The Committee stated that HIPAA does not permit the use and disclosure of patient information for political advocacy or lobbying activities without obtaining each patient’s written authorization. The Committee included in the letter a number of information and document demands and a deadline for response. The fallout from this incident should serve as a reminder to covered entities and their business associates to be mindful about their uses and disclosures of patient information and performing assessments to determine when written patient authorizations are required.