Insurer, OCR Reach $1.5M Settlement for HIPAA Breach
The Office for Civil Rights (OCR) has reached its first settlement with an organization on its large patient information breach list required in 2009 by the Health Information Technology for Economic and Clinical Health (HITECH) Act.
The HIPAA privacy and security enforcer settled Tuesday, March 13, with Blue Cross Blue Shield of Tennessee (BCBS) for $1.5 million for its 2009 HIPAA breach that affected more than 1 million individuals, according to a Department of Health & Human Services (HHS) press release. OCR reports to HHS.
The health insurer also agreed to a corrective action plan to "address gaps in its HIPAA compliance program."
BCBS reported to OCR in the fall of 2009 that 57 unencrypted computer hard drives were stolen from a leased facility in Tennessee containing PHI of more than 1 million individuals, including member names, social security numbers, diagnosis codes, dates of birth, and health plan identification numbers.
"BCBST failed to implement appropriate administrative safeguards to adequately protect information remaining at the leased facility by not performing the required security evaluation in response to operational changes," according to the HHS press release. "In addition, the investigation showed a failure to implement appropriate physical safeguards by not having adequate facility access controls; both of these safeguards are required by the HIPAA Security Rule."
- As Medicare Advantage Cuts Loom, Disagreement Over Program's Stability
- Doctors Feel Pressure to Accept Risk-based Reimbursement
- Surgical Checklists Unused in 10% of Hospitals, CMS Data Shows
- Centralizing the Revenue Cycle Protects the Bottom Line
- A Fresh Look at End-of-Life Care
- 3 in 4 Patients Want E-mail Consultations
- Heart Attack Patient Costs Skyrocket Beyond 30 Days
- CA Fines 8 Hospitals for Medical Errors
- ACGME Chief Sees 'Huge' Risk of Error in Proposed Assistant Physician Licensure
- 3 Insider Tips on Cutting Costs without Strangling Growth