Blue Cross and Blue Shield of Tennessee, which suffered a major breach of protected health information in October 2009, will pay a $1.5 million fine and follow a corrective action plan after signing a resolution agreement with the HHS Office for Civil Rights.

A handful of other HIPAA-covered entities have faced major disciplinary actions with OCR, but none have been as candid about their breach as BCBS of Tennessee. The plan treated the breach as a learning moment for itself and the industry, and issued regular public updates.

Other organizations that have paid major fines to OCR following breaches include UCLA Health System ($865,000), Massachusetts General Hospital ($1 million), Cignet Health ($4.3 million), Rite Aid ($1 million), CVS/pharmacy ($2.2 million) and Providence Health & Services ($100,000).

The BCBS Tennessee breach put the protected health information of more than 1 million consumers at risk. The resolution agreement is available here.
