Case Study 1: HIPAA, CIA & Safeguards

FOR IMMEDIATE RELEASE
March 13, 2012
Contact: HHS Press Office, (202) 690-6343
HHS settles HIPAA case with BCBST for $1.5 million
First enforcement action resulting from HITECH Breach Notification Rule
Blue Cross Blue Shield of Tennessee (BCBST) has agreed to pay the U.S. Department of Health and Human Services (HHS) $1,500,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules, Leon Rodriguez, Director of the HHS Office for Civil Rights (OCR), announced today. BCBST has also agreed to a corrective action plan to address gaps in its HIPAA compliance program. The enforcement action is the first resulting from a breach report required by the Health Information Technology for Economic and Clinical Health (HITECH) Act Breach Notification Rule.
The investigation followed a notice submitted by BCBST to HHS reporting that 57 unencrypted computer hard drives were stolen from a leased facility in Tennessee. The drives contained the protected health information (PHI) of over 1 million individuals, including member names, social security numbers, diagnosis codes, dates of birth, and health plan identification numbers. OCR’s investigation indicated BCBST failed to implement appropriate administrative safeguards to adequately protect information remaining at the leased facility by not performing the required security evaluation in response to operational changes. In addition, the investigation showed a failure to implement appropriate physical safeguards by not having adequate facility access controls; both of these safeguards are required by the HIPAA Security Rule.
“This settlement sends an important message that OCR expects health plans and health care providers to have in place a carefully designed, delivered, and monitored HIPAA compliance program,” said OCR Director Leon Rodriguez. “The HITECH Breach Notification Rule is an important enforcement tool and OCR will continue to
