BCBS Settlement Details $17M in Corrective Actions
HIPAA compliance 101—policies, training, monitoring, and risk assessments—might have saved Blue Cross Blue Shield of Tennessee (BCBST) millions, experts say.
Instead, the health insurer agreed to a $1.5 million settlement with the Office for Civil Rights over potential HIPAA security violations and spent another $17 million in breach response costs.
On March 13, BCBST and the OCR, the government's HIPAA privacy and security enforcer, reached the second largest financial settlement of its kind, behind CVS Caremark's $2.25 million price tag a little more than three years ago.
The agreement also requires BCBST to update its HIPAA compliance policies and procedures, obtain OCR approval on all policy changes, and conduct unannounced random audits of its own employees.
This is OCR's first enforcement action related to a breach that was reported per the Health Information Technology for Economic and Clinical Health (HITECH) Act requirements, according to the Department of Health & Human Services.
'Not following the basics'
In the fall of 2009, BCBST reported to OCR that 57 unencrypted computer hard drives were stolen from a leased facility in Tennessee. The hard drives contained protected health information (PHI) for more than one million individuals, including member names, Social Security numbers, diagnosis codes, birthdates, and health plan identification numbers.
"This breach seems to be another instance of not following the basics—policies, training, monitoring," says Phyllis A. Patrick, MBA, FACHE, CHC, of Phyllis A. Patrick & Associates LLC in Purchase, NY. "When organizations include privacy and security as key components of their culture and begin applying similar methods to those used in safety and quality programs, the awareness of these issues increases. A well-trained workforce is a tremendous asset in preventing many breaches, especially breaches of this type."
- CMS Sets 2014 Pay Rates for Hospital Outpatient and Physician Services
- New G-Codes to Pay Doctors for Broad Array of Non-Face-to-Face Care
- States Rejecting Medicaid Expansion Forgo Billions in Federal Funds
- FDA hopes hospitals will switch to newly regulated pharmacies
- Douglas Hawthorne—A Chance to Do Something Big
- Not-for-Profit Hospitals Find Opportunity Amid Uncertainty
- Why You Should Involve Patients in Nursing Handoffs
- 'Country Doctor of the Year' Embraces Challenges of Rural Medicine
- The 5 Biggest Healthcare Finance Trouble Spots
- Telehealth Improves Patient Care in ICUs