HHS and BCBST Settle HIPAA Case for $1.5 Million


On March 13, 2012, HHS announced that Blue Cross Blue Shield of Tennessee (BCBST) has agreed to pay HHS $1.5 million to settle potential violations of the HIPAA privacy and security rules. In addition, BCBST agreed to a corrective action plan (CAP) to address alleged gaps in its HIPAA compliance program.

According to the HHS press release, the investigation followed a notice submitted by BCBST to HHS reporting that 57 unencrypted computer hard drives were stolen from a leased facility in Tennessee. The drives contained audio and video recordings related to customer service telephone calls with PHI for over 1 million individuals, including member names, Social Security numbers, diagnosis codes, dates of birth, and health plan identification numbers. HHS concluded, based on its investigation, that BCBST failed to implement appropriate administrative safeguards to adequately protect the information at the leased facility because it did not perform the required security evaluation in response to operational changes. The information, however, was stored in a leased data closet secured by biometric and keycard scan security and in a building with additional security provided by the facility owner. Although BCBST received an alert that the server was unresponsive, the message did not alert BCBST that there may have been a theft, and the unresponsive server did not appear to adversely impact operations.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© King & Spalding | Attorney Advertising
