By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Health Works CollectiveHealth Works CollectiveHealth Works Collective
  • Health
    • Mental Health
    Health
    Healthcare organizations are operating on slimmer profit margins than ever. One report in August showed that they are even lower than the beginning of the…
    Show More
    Top News
    stress management for healthcare workers
    3 Tips For Healthcare Professionals: How To Stay Beautiful, Healthy, and Happy
    November 2, 2021
    importance of relaxing on the weekend for your health
    Importance of Relaxing During the Weekend for Optimal Health
    March 25, 2022
    LASIK Eye Surgery
    What Is LASIK Eye Surgery?
    May 16, 2022
    Latest News
    Beyond Nutrition: Everyday Foods That Support Whole-Body Health
    June 15, 2025
    The Wide-Ranging Benefits of Magnesium Supplements
    June 11, 2025
    The Best Home Remedies for Migraines
    June 5, 2025
    The Hidden Impact Of Stress On Your Body’s Alignment And Balance
    May 22, 2025
  • Policy and Law
    • Global Healthcare
    • Medical Ethics
    Policy and Law
    Get the latest updates about Insurance policies and Laws in the Healthcare industry for different geographical locations.
    Show More
    Top News
    The PCMH and Home Care Data: An Interview with Melissa McCormack
    December 19, 2013
    IT Strategy for Health Plans: Interview with ikaSystems CEO Joe Marabito
    August 11, 2014
    A New Kind of Stress Test
    May 26, 2015
    Latest News
    Let Your Lawyer Handle the Work Before You Pay Medical Costs
    July 6, 2025
    Top HIPAA-Compliant Messaging Apps for Healthcare Teams
    June 25, 2025
    When Healthcare Ends, the Legal Process Begins: What Families Should Know About Probate and Medical Estates
    June 20, 2025
    Preventing Contamination In Healthcare Facilities Starts With Hygiene
    June 15, 2025
  • Medical Innovations
  • News
  • Wellness
  • Tech
Search
© 2023 HealthWorks Collective. All Rights Reserved.
Reading: Total Cost of a HIPAA Violation: 18.5 Million
Share
Notification Show More
Font ResizerAa
Health Works CollectiveHealth Works Collective
Font ResizerAa
Search
Follow US
  • About
  • Contact
  • Privacy
© 2023 HealthWorks Collective. All Rights Reserved.
Health Works Collective > eHealth > Medical Records > Total Cost of a HIPAA Violation: 18.5 Million
Medical Records

Total Cost of a HIPAA Violation: 18.5 Million

onlinetech
onlinetech
Share
4 Min Read
SHARE

Who: Blue Cross Blue Shield of Tennessee (BCBST)

Who was affected: Over 1 million members of the BCBST had their information stolen, including names, SSNs, diagnosis codes, birthdates and health plan IDs.

What: 57 unencrypted hard drives were stolen from a leased facility in Tennessee, out of a data storage closet. According to the resolution agreement, the BCBST were relocating staff from the facility and had not yet moved the servers from the closet to their new location.

Who: Blue Cross Blue Shield of Tennessee (BCBST)

More Read

ebola and EHR
Ebola: Are We Relying on EHR to Tell the Story?
Social Media’s Effect on HIPAA Privacy and Security
Problems with Electronic Physician Documentation
Electronic Medical Records Holds Doctors Hostage
Choosing a Different Peer Review Vendor

Who was affected: Over 1 million members of the BCBST had their information stolen, including names, SSNs, diagnosis codes, birthdates and health plan IDs.

What: 57 unencrypted hard drives were stolen from a leased facility in Tennessee, out of a data storage closet. According to the resolution agreement, the BCBST were relocating staff from the facility and had not yet moved the servers from the closet to their new location.

Charged with: The OCR (Office of Civil Rights, official HIPAA-enforcement entity) found the BCBST failed to have ‘adaquate facility access controls,’ according to their press release. This put them in violation of implementing the appropriate physical safeguards as listed in the HIPAA Security Rule.

They were also found in violation of the administrative safeguards by failing to perform a security evaluation after operational changes.

What they could have done differently: Encrypt all data at rest, including their archived data stored on hard drives. This is a strongly recommended best practice for healthcare organizations that need to meet HIPAA compliance.

They also could have chosen to store their data in a secure, offsite location that had the appropriate physical safeguards/access controls, another important feature of HIPAA compliant data centers.

When: BCBST was alerted October 2, 2009 of an unresponsive server at the facility, but didn’t investigate until October 5, 2009. Official completion date of review, audit and affected individual notification was October 29, 2010.

How much did it cost them: Although the settlement case required BCBST to pay HHS 1.5 million, the company has spent nearly $17 million in investigation, notification and protection costs to date, bringing the total to 18.5 million. Affected individuals received free credit monitoring services, free identity monitoring, consultation, and restoration.

What are their next steps: BCBST encrypted all of its at-rest data, which they claim to be “a voluntary effort which goes above and beyond current industry standards.” While it might not be explicitly required by HIPAA standards, it’s pretty close (read Encrypting Data to Meet HIPAA Compliance for tips) :

A covered entity must, in accordance with §164.306… Implement a mechanism to encrypt and decrypt electronic protected health information.” (45 CFR § 164.312(a)(2)(iv))

BCBST entered a 450 day corrective action plan, which includes sending their written PHI security policies and procedures to HHS, monitoring their employees to ensure they’re trained and following HIPAA compliant policies and procedures, and conduct a risk management plan.

For more on HIPAA violations and the effects of data breaches, try reading How a HIPAA Breach Can Negatively Impact Your Business, or Sutter Health HIPAA Breach: Lessons Learned.

References:
HHS Resolution Agreement
BlueCross, HHS Reach Settlement in 2009 Hard Drive Data Theft
Eastgate Hard Drive Theft
HHS Settles HIPAA Case With BCBST for $1.5 Million

TAGGED:HIPAA violations
Share This Article
Facebook Copy Link Print
Share

Stay Connected

1.5kFollowersLike
4.5kFollowersFollow
2.8kFollowersPin
136kSubscribersSubscribe

Latest News

9 Lifestyle Tweaks That Can Add Years to Your Life
9 Healthcare Lifestyle Tweaks That can Add Years to Your Life
lifestyle
July 11, 2025
car accident lawsuit
Let Your Lawyer Handle the Work Before You Pay Medical Costs
Policy & Law
July 6, 2025
women dental care
What Is a Smile Makeover and How Much Does It Cost?
Dental health
June 30, 2025
HIPAA-Compliant Messaging Apps
Top HIPAA-Compliant Messaging Apps for Healthcare Teams
Global Healthcare Policy & Law Technology
June 25, 2025

You Might also Like

HIT-Driven Patient Engagement Is A Bust: Try Developing Doctor-Patient Relationships First

March 21, 2013

5 Things You Should Know About HIPAA

January 19, 2016
HIE
BusinesseHealthHealth ReformHospital AdministrationMedical RecordsPolicy & LawPublic HealthTechnology

Collaboration and Federation: IHE Creating Direct Project Provider Directory

June 7, 2014
EHR
DiagnosticseHealthHealth ReformMedical InnovationsMedical RecordsTechnology

Why EHRs are Key to Better Clinical Data

April 29, 2014
Subscribe
Subscribe to our newsletter to get our newest articles instantly!
Follow US
© 2008-2025 HealthWorks Collective. All Rights Reserved.
  • About
  • Contact
  • Privacy
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?