Tag Archives: Corrective Action Plan

$1.5 Million Settlement of First HIPAA Enforcement Action Resulting from HITECH Breach Notification Rule

The trend toward increasingly large health information breach settlements has continued with yesterday’s announcement thatBlue Cross Blue Shield of Tennessee (BCBST) has agreed to pay the U.S. Department of Health and Human Services (HHS) $1,500,000 to settle potential violations of HIPAA’s Privacy and Security Rules, HHS’s Office of Civil Rights. BCBST also agreed to a corrective action plan to address gaps in its HIPAA compliance program.… More

What Is Inside Mass General’s $1 Million HIPAA Settlement?

As we noted earlier this month, Massachusetts General Hospital recently entered into a $1 million Resolution Agreement  and Corrective Action Plan with the Department of Health and Human Services’ Office of Civil Rights.  This settlement stemmed from an incident on March 9, 2009, when a MGH employee was commuting on the subway, "removed documents containing PHI from her bag and placed them on the seat beside her. The documents were not in an envelope and were bound with a rubber band.… More