By David Dirr | ddirr@dbllaw.com March 23, 2012


The U.S. Department of Health and Human Services (HHS) hopes that its recent settlement of $1.5 million with Blue Cross and Blue Shield of Tennessee serves as a warning to healthcare providers and insurers. The settlement with Blue Cross and Blue Shield stemmed from an incident in which 57 of the insurer’s hard drives that contained protected health information were stolen from a leased facility. An investigation by the Office of Civil Rights of HHS revealed that Blue Cross and Blue Shield did not conduct a proper security evaluation of its data storage and failed to ensure that the leased facility was appropriately secured.

In a recent interview with Modern Healthcare, the deputy director of the Office of Civil Rights of HHS, which enforces HIPAA, said that providers need to make sure that their protected health data is secured even when it is in the hands of a third party. The deputy director warned that providers need to ensure that appropriate safeguards are in place wherever health data is stored, including third-party cloud storage systems.


See the entire article at the Modern Healthcare website: http://www.modernhealthcare.com/article/20120318/NEWS/303189977/ocr-deputy-lessons-for-providers-in-hipaa-settlement

David Dirr is a Northern Kentucky attorney practicing at Dressman Benzinger LaVelle psc.



Comments are closed.