Corporate Compliance

BCBS settlement details $17 million in corrective actions

Compliance Monitor, March 21, 2012

HIPAA compliance 101—policies, training, monitoring, and risk assessments—might have saved Blue Cross Blue Shield of Tennessee (BCBST) millions, experts say.

Instead, the health insurer agreed to a $1.5 million settlement with the Office for Civil Rights (OCR) over potential HIPAA security violations and spent another $17 million in breach response costs.

On March 13, BCBST and the OCR, the government's HIPAA privacy and security enforcer, reached the second largest financial settlement of its kind, behind CVS Caremark's $2.25 million price tag a little more than three years ago.

The agreement also requires BCBST to update its HIPAA compliance policies and procedures, obtain OCR approval on all policy changes, and conduct unannounced random audits of its own employees.

This is OCR's first enforcement action related to a breach that was reported per the Health Information Technology for Economic and Clinical Health (HITECH) Act requirements, according to the Department of Health & Human Services.

Read more on the HealthLeaders Media website.

    Strategies for Health Care Compliance
  • Strategies for Health Care Compliance

    News and real-life examples to increase the effectiveness of your compliance program. Strategies for Health Care Compliance...

  • Medicare Insider

    Each issue of Medicare Weekly Update includes the latest CMS proposed and final rules, CMS manual revisions, and...

Most Popular