HHS, Insurer Reach First Settlement Under HITECH
PRIVACY LAW—U.S. March 14, 2012
A Tennessee insurer will pay a $1.5 million settlement to the U.S. Department of Health and Human Services (HHS) for HIPAA violations related to its 2009 data breach, COMPUTERWORLD reports. BlueCross BlueShield of Tennessee has already paid $17 million in costs related to the breach, the report states, and now must regularly train employees on HIPAA requirements and review and revise its privacy policies. The settlement is the first enforcement action taken under the HITECH Act, and an HHS Office for Civil Rights (OCR) spokesman said it "sends an important message that OCR expects health plans and healthcare providers to have in place a carefully designed, delivered and monitored HIPAA compliance program."