HITECH Breach Case

The breach I found was from Blue Cross Blue Shield of Tennessee on October 2, 2009. This case was the largest breach incident as of October 2009 under the HITECH breach notification rule. The breach affected more than 1 million individuals. The HIPAA privacy and security rules were breached. Security evaluations and physical safeguards are required under the HIPAA security rule. A total of 57 hard drives were stolen; they contained protected health information, names, Social Security numbers, diagnosis codes, dates of birth, and health plan identification numbers of over 1 million individuals. Blue Cross Blue Shield of Tennessee has offered a variety of free credit protection and identity theft protection measures to all who may have been affected. They have agreed to pay a settlement of $1.5 million and carry out a corrective plan of action.

Tennessee Code Annotated § 56-32-125, confidentiality of information, in chapter 32, the Health Maintenance Organization Act of 1986, was violated in this breach. This code states that “information/data that is pertaining to a diagnosis, treatment or health of any enrollee or applicant obtained from the person or from any provider by any …

If a data breach occurs under this code, the information holder will disclose the breach, following discovery or notification of the breach, to any resident of Tennessee whose unencrypted information was acquired by a person or persons who did not have access to it. The disclosure will be made without unreasonable delay unless law enforcement determines that it would impede a criminal investigation. The breach notification will be provided by written notice, electronic notice, or substitute notice: e-mail notice, conspicuous posting on an Internet website page, or notification to major statewide