|March 13, 2012|
BlueCross, HHS Reach Settlement in 2009 Hard Drive Data Theft
Health Plan Agrees to Ongoing Security Monitoring of
CHATTANOOGA, Tenn. — BlueCross BlueShield of Tennessee has entered into a resolution agreement with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Security Rules. The agreement includes a $1.5 million penalty and a 450-day corrective action plan.
The settlement covers the 2009 theft of 57 hard drives from a data storage closet at a former BlueCross call center located in Chattanooga. The hard drives contained audio and video recordings related to customer service telephone calls from providers and members, and included varying degrees of personal information on about 1 million members. To date, there is no indication of any misuse of personal data from the stolen hard drives.
“Since the theft, we have worked diligently to restore the trust of our members by demonstrating our full commitment to limiting their risks from this misdeed and making significant investments to ensure their information is safe at all times,” said Tena Roberson, deputy general counsel and chief privacy officer for BlueCross. “We appreciate working with HHS, the Office of Civil Rights and CMS and specifically their guidance on administrative, physical and technical standards throughout this process.”
In total, the company has spent nearly $17 million in investigation, notification and protection efforts.
The corrective action plan that BlueCross will follow includes:
BlueCross BlueShield of Tennessee's mission is to provide its customers and communities with peace of mind through affordable solutions for health and healing, life and living. Founded in 1945, the Chattanooga-based company is focused on reinventing the health plan for its 3 million members in Tennessee and across the country. Through its integrated health management approach, BlueCross provides patient-centric products and services that drive health improvement and positively impact health care quality and value. BlueCross BlueShield of Tennessee Inc. is an independent licensee of the BlueCross BlueShield Association. For more information, visit the company's website at www.bcbst.com.
Return to Press Releases