BCBST HIPAA Violation Case Analysis Term Paper

The Blue Cross Blue Shield of Tennessee settled for $1.5 million on a HIPAA breach of privacy case. The HHS website outlines the particulars of this case. There were 57 unencrypted hard drives stolen from a facility. These contained personal health care information on over 1 million individuals, so the fine was like a buck fifty per person, and was probably less than it would have cost the company to properly secure that information. Nevertheless, the case highlights a few things that the company could have done differently in order to follow HIPAA rules. The first is that the data was being held in a leased space, one that apparently was not particularly secure. The company could have held the hard drives in a facility that it owned, where it had more control over the security procedures. In that situation, it would make sense that the company had access controls to the facilities. With a leased space, the owner of the building has a certain degree of access, so there is greater risk of a breach. In this instance, the owner of the building – or the management company – was actually in charge of security, and they may not...

...

Furthermore, the BCBST did not have as much visibility into security of the data.
In addition, the files were on the hard drives and all the hard drives were stored in one place. Damages could have been mitigated if the files had been kept in multiple locations – in the event of a breach, far fewer people would have their information compromised. Making matters worse in this case, the company had vacated most of the premises in question, except for the closet where the network hardware was kept. As such, there was almost no staff visibility into the hardware on which the data was stored. This made the hardware easier to steal, and in this case the theft was not noticed for 3 days, in part a result of having the storage in a location away from where the staff actually worked.

The lack of encryption is one of the most important aspects of this case. Sensitive personal health information kept on hard drives should be stored in encrypted form. This way, even if the hard drives fall into the wrong hands, the information is not easily accessed. You obviously want…

References

HHS.gov (2018) HHS settles HIPAA case with BCBST for $1.5 million. Department of Health and Human Services. Retrieved January 13, 2018 from https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/examples/BCBST/index.html

HHS.gov (2018) Resolution agreement. Retrieved January 13, 2018 from https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/enforcement/examples/resolution_agreement_and_cap.pdf



Cite this Document:

"BCBST HIPAA Violation Case Analysis" (2018, January 13) Retrieved April 19, 2024, from
https://www.paperdue.com/essay/bcbst-hipaa-violation-case-analysis-2166878

