BCBS Settlement Details $17M in Corrective Actions
"I would think that self-reported breaches of PHI would be a high priority for HHS to investigate and act on," Borten says. "Otherwise, how much value is there in the reporting requirement? Further, even though a breach occurred, this is still identified as a 'settlement of a potential violation,' not a finding of fault, although the penalty is in line with the HITECH Act civil penalties. How much clearer could this be?"
Asked why it took this long to settle the BCBST case, the OCR spokesperson said, "As one can see from OCR's list of breaches over 500, many of these cases have been resolved quickly through corrective action. More complex cases take time to move from investigation to resolution."
LARGEST SETTLEMENTS TO DATE
The OCR's largest settlements for HIPAA violations include:
- CVS Caremark Co.: $2.25 million, February 2009
- Blue Cross Blue Shield of Tennessee: $1.5 million, March 13, 2012
- Rite Aid: $1 million, July 2010
- Massachusetts General Hospital: $1 million, February 2011
- University of California at Los Angeles Health System: $865,500, July 2011
Note that in February of 2011, OCR fined Cignet Health a $4.3 million civil money penalty, the largest fine for such violations. It was not a settlement.
Editor's note: Follow these links for more material on the BCBST settlement with OCR:
Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.
- Ratcheting Up Patient Experience Has a Downside
- 'Mega Boards' Could be Rural Healthcare Disruptor
- Narrow Networks Enjoying a Resurgence
- Physicians Trained in High-Cost Regions Spend More
- HL20: Anne Wojcicki—Unlocking Consumer Access to Genetics
- Christmas Tree Syndrome Season Underway
- Population Health Starts with Ending Hunger
- HL20: Tom X. Lee, MD—Reinventing Primary Care
- HL20: Lee Aase—Who's Behind @MayoClinic
- HL20: José Ramón Fernández-Peña, MD, MPA—A Welcoming Approach