BCBS Settlement Details $17M in Corrective Actions
To date, there is no indication of any misuse of personal data from the stolen hard drives, according to BCBST. The company's response included the encryption of all its at-rest data as well as investigation, notification, and protection efforts—to the tune of $17 million, according to its statement. That amounts to about $17 per breached record.
"Since the theft, we have worked diligently to restore the trust of our members by demonstrating our full commitment to limiting their risks from this misdeed and making significant investments to ensure their information is safe at all times," Tena Roberson, deputy general counsel and chief privacy officer for BlueCross, said in the statement to HCPro, Inc.
Message in the CAP
In addition to the settlement, BCBST must adhere to its corrective action plan (CAP), which states that the health insurer must:
- Review, revise, and maintain its privacy and security policies and procedures
- Conduct regular and robust trainings for all BCBST employees covering employee responsibilities under HIPAA
- Perform and monitor reviews to ensure BCBST compliance with the CAP
BCBST must also conduct unannounced audits of BCBST facilities housing portable devices and audit 25 BCBST workforce members who use portable devices.
"That's really something I have not seen before," says Ali Pabrai, MSEE, CISSP, chief executive of ecfirst, home of The HIPAA Academy. "They are making them randomly audit their facilities that house portable devices. The fact they are saying it should be done randomly and unannounced shows they are serious about this."
The interim final rule on breach notification went into effect in August of 2009, only months before the BCBST breach. Pabrai says entities should take note that OCR is willing to go back years to investigate breaches.
- $6.4B Henry Ford, Beaumont Merger Failed on Cultural Hurdles
- House Lawmakers Grill CMS Over Health Exchange Navigators
- Fortunately, Angelina Jolie Isn't On Medicare
- Don't Let Nurses Sink Your Bottom Line
- How Chargemaster Data May Affect Hospital Revenue
- Uncompensated Care Faces a Double Hit in Some States
- Hospital Pricing Transparency a Marketing Game Changer
- Insurer's App Aims to Lower Healthcare Costs, Securely
- ED Physicians Key to Half of Hospital Admissions
- Primary Care Docs Average More Hospital Revenue Than Specialists