Security breach puts 500,000 BlueCross members’ data at risk
HIPAA Weekly Advisor, January 18, 2010
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
The theft of 57 hard drives from a BlueCross BlueShield of Memphis, TN, training facility last October has put at risk the private information of approximately 500,000 customers in at least 32 states, the insurer said last week in an investigation update.
The hard drives were reportedly stolen from a leased office in a Chattanooga strip mall that once housed a BCBS of TN call center. The drives contained 1.3 million audio files and 300,000 video files related to coordination of care and eligibility telephone calls from providers and members.
The video files were images from computer screens of customer service representatives and the audio files were recorded phone conversations from Jan. 1, 2007 to Oct. 2, 2009.
The files contained customers' personal data and protected health information that was encoded but not encrypted, including:
- Names and BlueCross ID numbers.
- In some recordings–but not all—diagnostic information, date of birth, and/or Social Security number. BCBS of TN estimates that the Social Security numbers of approximately 220,000 customers may be at risk.
Read the full story by John Commins of HealthLeaders Media.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
-
Guide to HIPAA Auditing, Second Edition
This new edition of a best-selling book delivers the hands-on tools and guidance you need to conduct effective in-house...
-
HIPAA Training Handbook for Business Associates
Train all of your staff members with this handbook and others in the 2009 HIPAA Handbook Series. Ensure they understand...
-
HIPAA Handbook for Executive, Administrative and Corporate Staff
Train all of your staff members with this handbook and others in the 2009 HIPAA Handbook Series. Ensure they understand...
-
The No-Hassle Guide to HIPAA Policies: A Privacy and Security Toolkit
HIPAA regulations require extensive documentation—likely more than you've done in the past. Changing the way you look...
-
The HIPAA and HITECH Toolkit
The HIPAA and HITECH Toolkit is a valuable resource that helps both CEs and BAs understand and meet the HITECH Act's...
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- HIPAA Q&A: Level of encryption needed for email
- News and briefs: Oklahoma Osteopathic Association against residency bill change
- QA:Coding multiple initial infusions
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- CMS has reformulated payments for some bilateral procedures
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- What does case-mix index mean to you?
- Hospitals are not bound by InterQual criteria for determining patient status
- ED-to-inpatient transfers are flawed with safety gaps
- Searched