• E-mail
• Print
• RSS

Insurer must show policy to prevent PHI breach

HIPAA Weekly Advisor, January 26, 2009

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

BlueCross BlueShield of Delaware can save on a $150,000 fine if it shows it has a policy and procedure in place to prevent a PHI breach, according to a January 6 story on the IFAwebnews.com Web site.

Matt Denn, Delaware’s state insurance commissioner, levied the state’s maximum fine in December when it found the Wilmington, DL-based insurer mistakenly disclosed information of 3,800 members, the Web site reported. BlueCross BlueShield has until February 1 to show it has taken appropriate measures to prevent another breach.

BlueCross said it “gives the highest corporate priority to the protection of the information our customers entrust to us” and apologized for the “regrettable occurrence cause by a printer malfunction” in a statement to the Web site.

The violation occurred when BlueCross sent “explanation of benefit” forms to members in November that also featured information on other members, such as name, medical provider, description of service provided and their account number.

BlueCross told IFAwebnews.com it was the result of a printing error, but Denn nonetheless found them in violation of two state insurance laws. One of the laws prohibits disclosure of “any nonpublic personal financial information about a consumer,” while the other requires insurers to have a system to safeguard customer information.

Read the full story in IFAwebnews.com here.

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• Comment
• E-mail to a Colleague
• Print
• RSS
• Archive

Comments