Healthcare organizations are receiving more and more patients, which leads to an influx of data and a greater need for strong security measures. A healthcare facility that violates HIPAA may face severe financial penalties.
For example, Blue Cross Blue Shield of Tennessee was accused of HIPAA violations in the form of data breaches, which led to a settlement of $1.5 million - not a small amount for a healthcare provider. The HITECH Breach Notification Rule was violated in this case, for the first time since its inception, according to Healthcare IT News.
"This settlement sends an important message that OCR [Office for Civil Rights] expects health plans and healthcare providers to have in place a carefully designed, delivered, and monitored HIPAA compliance program," Leon Rodriguez, the director of OCR at the Department of Health and Human Services (HHS), told the news source. "The HITECH Breach Notification Rule is an important enforcement tool and OCR will continue to vigorously protect patients' right to private and secure health information."
Blue Cross Blue Shield of Tennessee also agreed to pursue a corrective action plan to improve its HIPAA compliance program. The investigation that led to the settlement followed a notification sent to HHS, which stated that 57 unencrypted computers were stolen from a medical facility in Tennessee.
These computers contained information from more than one million members of the Blue Cross Blue Shield organization of Tennessee. The information included names, Social Security numbers, medical diagnoses, health plan ID numbers and dates of birth.