Blue Cross Blue Shield of Tennessee Pays $1.5m for Data Breach | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Blue Cross Blue Shield of Tennessee Pays $1.5m for Data Breach

March 15, 2012
by Gabriel Perna
| Reprints

Blue Cross Blue Shield of Tennessee (BCBST) will pay $1.5 million to the U.S. Department of Health and Human Services (HHS) to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules, according to Leon Rodriguez, director of the HHS Office for Civil Rights (OCR).  

In addition, BCBST will add a corrective action plan to address gaps in its HIPAA compliance program.  This counts as the first response resulting from a breach report required by the Health Information Technology for Economic and Clinical Health (HITECH) Act Breach Notification Rule.

According to HHS, 57 unencrypted computer hard drives were stolen from a leased facility in Tennessee that BSBST was operating.  The drives contained the protected health information (PHI) of over 1 million individuals, including member names, social security numbers, diagnosis codes, dates of birth, and health plan identification numbers. According to the OCR investigation, BCBST failed to implement appropriate administrative safeguards to adequately protect information remaining at the leased facility by not performing the required security evaluation in response to operational changes. It also showed a failure to implement appropriate physical safeguards by not having adequate facility access controls; both of these safeguards are required by the HIPAA Security Rule.

“This settlement sends an important message that OCR expects health plans and health care providers to have in place a carefully designed, delivered, and monitored HIPAA compliance program,” OCR Director Leon Rodriguez said in a statement. “The HITECH Breach Notification Rule is an important enforcement tool and OCR will continue to vigorously protect patients’ right to private and secure health information.”

In addition to the $1,500,000 settlement, the agreement requires BCBST to review, revise, and maintain its Privacy and Security policies and procedures, to conduct regular and robust trainings for all BCBST employees covering employee responsibilities under HIPAA, and to perform monitor reviews to ensure BCBST compliance with the corrective action plan.

Topics

News

Former Michigan Governor to Serve as Chair of DRIVE Health

Former Michigan Governor John Engler will serve as chair of the DRIVE Health Initiative, a campaign aimed at accelerating the U.S. health system's transition to value-based care.

NJ Medical Group Launches Statewide HIE, OneHealth New Jersey

The Medical Society of New Jersey (MSNJ) recently launched OneHealth New Jersey, a statewide health information exchange (HIE) that is now live.

Survey: 70% of Providers Using Off-Premises Computing for Some Applications

A survey conducted by KLAS Research found that 70 percent of healthcare organizations have moved at least some applications or IT infrastructure off-premises.

AMIA Warns of Tax Bill’s Impact on Graduate School Programs in Informatics

Provisions in the Republican tax bill that would count graduate student tuition waivers as taxable income would have detrimental impacts on the viability of fields such as informatics, according to the American Medical Informatics Association.

Appalachia Project to Study Relationship Between Increased Broadband Access, Improved Cancer Care

The Federal Communications Commission and the National Cancer Institute have joined forces to focus on how increasing broadband access and adoption in rural areas can improve the lives of rural cancer patients.

Survey: By 2019, 60% of Medicare Revenues will be Tied to Risk

Medical groups and health systems that are members of AMGA (the American Medical Group Association) expect that nearly 60 percent of their revenues from Medicare will be from risk-based products by 2019, according to the results from a recent survey.