Insurer, OCR Reach $1.5M Settlement for HIPAA Breach
OCR launched its breach notification website required by the HITECH Act under breach notification in February 2010 and through December 2011 had received an average of 17 reports per month. As of March 13, it lists 400 entities reporting breaches of unsecured PHI affecting 500 or more individuals.
In the last two months, the government enforcer has posted about 10 reports per month. Six entities are in OCR's million-plus patient record breach club, including BCBS as the sixth largest breach:
- TRICARE Management Activity (TMA): 4,901,432, lost backup tapes
- Health Net, Inc.: 1,900,000, unknown
- New York City Health & Hospitals Corporation's North Bronx Healthcare Network: 1,700,000, stolen electronic medical record
- AvMed, Inc.: 1,220,000, stolen laptop
- The Nemours Foundation: 1,055,489, lost backup tapes
- Blue Cross Blue Shield of Tennessee: 1,023,209, stolen hard drives
More than 18 months have passed since OCR last gave an update on the interim final rule on breach notification requirements. That rule, published in the Federal Register August 24, 2009, is in effect. OCR developed a final rule and sent it to the Office of Management and Budget for review May 14, 2010.
- Antibiotic Overuse a 'Huge Threat' to Patient Safety, Says CDC
- CFO Exchange: Smartphones Poised to Disrupt Healthcare, Says Topol
- Consumerism Drives Healthcare Branding, Rebranding Efforts
- 3 Traits Personality Assessments Can't Reveal
- PA Ranks See 'Phenomenal Growth,' Lack of Diversity
- CHS Hacked, 4.5M Patient Records Compromised
- CFO Exchange: Healthcare Leaders Share 5 Innovative Ideas
- Business Roundup: M&A Activity Down Slightly in First Half of 2014
- Large Employers Trimming Healthcare Spending
- CNO on Hospital Redesign: 'You Can't Over-Communicate'