BlueCross to pay $1.5 million
Retrieved April 20, 2012
Go to original Article


BlueCross to pay $1.5 million in settlement after 2009 hard drive data theft

BlueCross leaders also agree to ongoing security monitoring in settlement

Leaders of BlueCross BlueShield have reached an agreement with officials from the U.S. Department of Health and Human Services Office for Civil Rights to settle alleged HIPPA violations.

The deal includes a $1.5 million penalty and a 450-corrective action plan. 

“Since the theft, we have worked diligently to restore the trust of our members by demonstrating our full commitment to limiting their risks from this misdeed and making significant investments to ensure their information is safe at all times,” Tena Roberson, deputy general counsel and chief privacy officer for BlueCross, said in a prepared statement. 

The settlement covers the 2009 theft of 57 hard drives from a data storage closet at a former BlueCross call center located in Chattanooga, leaders said. 

The hard drives contained audio and video recordings related to customer service telephone calls from providers and members and included varying degrees of personal information on about 1 million members, leaders said. 

To date, there is no indication of any misuse of personal data from the stolen hard drives, BCBS leaders said. 

The company’s response to the crime included the encryption of all its at-rest data—a voluntary effort that goes above and beyond current industry standards, according to a news release. 

In total, the company has spent nearly $17 million in investigation, notification and protection efforts. 

The corrective action plan that BlueCross will follow includes: 

— Providing HHS with current written policies and procedures specific to protected health information and individually identifiable health information

— Monitoring its workforce to ensure training and enforcement of policies and procedures

Shopping Cart
Scroll to Top