Insurer, OCR Reach $1.5M Settlement for HIPAA Breach
In addition to the $1.5 million settlement, BCBS must:
- Review, revise, and maintain its privacy and security policies and procedures
- Conduct regular and robust trainings for all BCBST employees covering employee responsibilities under HIPAA
- Perform monitor reviews to ensure BCBST compliance with the corrective action plan
One of the requirements calls for BCBS to randomly audit facilities using portable devices.
"That's really something I have not seen before," said Ali Pabrai, MSEE, CISSP, chief executive of ecfirst, home of The HIPAA Academy. "They are making them randomly audit their facilities that house portable devices. The fact they are saying it should be done randomly and unannounced shows they are serious about this."
The interim final rule on breach notification went into effect only months before the BCBS breach. Pabrai says entities should take note that OCR is willing to go back years to investigate breaches.
"Go back and get as much detail as you can," Pabrai says of earlier breaches reported to OCR. "You've got to be ready for this."
Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.
- CFO Exchange: Smartphones Poised to Disrupt Healthcare, Says Topol
- CNO on Hospital Redesign: 'You Can't Over-Communicate'
- How Digital Strategy Shapes Patient Engagement at Boston Children's Hospital
- Half of All Primary Care, Internal Medicine Jobs Unfilled in 2013
- Consumerism Drives Healthcare Branding, Rebranding Efforts
- PA Ranks See 'Phenomenal Growth,' Lack of Diversity
- 3 Traits Personality Assessments Can't Reveal
- Carondelet to Pay $35M to Settle Fraud Allegations
- Some Cancer Hospitals' Quality Data Will Soon Be Public
- Antibiotic Overuse a 'Huge Threat' to Patient Safety, Says CDC