PHI Breaches

In the latest settlement regarding a breach of protected health information, BCBS of Tennessee agreed to pay the Health and Human Services (HHS) Office for Civil Rights (OCR) 1.5 million in fines and to implement a corrective action plan after a resolution agreement between BCBS and HHS is signed. The breach took place in October 2009, and it is estimated to have put 1 million consumers at risk.

This is not the first time an organization has had to pay over six figures in fines, as the following examples demonstrate:

- UCLA Health System (865,000)
- Massachusetts General Hospital (1 million)
- Cignet Health (4.3 million)
- Rite Aid (1 million)
- CVS/pharmacy (2.2 million)
- Providence Health & Services (100,000)

I’m cautiously optimistic that they learned their lessons from these experiences; however, I still see a significant number of Covered Entities and Business Associates that are not compliant with the rules. Worst of all, most Covered Entities don’t even know about the requirements they have to follow, and some don’t even take care of the routine actions mandated by these requirements.

Right now is the time to take control of your life: learn, adjust and implement. Identify what you need to do, what you can do in house and what you need to subcontract.