Insurance Law

By: Brian C. Vick
Williams Mullen (North Carolina and Virginia, USA)

In the first enforcement action resulting from a reported privacy breach under the HITECH Act, Blue Cross and Blue Shield of Tennessee (“BCBST”) recently entered a $1.5 million settlement

with the U.S. Department of Health & Human Services following the theft of 57 hard drives from a former BCBST call center.  When the theft occurred in October 2009, BCBST had already ceased operations at the facility, but was continuing to maintain the hard drives in secure data storage located there pending remediation scheduled to take place the following month.  After the theft, BCBST promptly reported the breach to HHS and later determined that the stolen hard drives contained a considerable amount of PHI of its members, primarily in the form of audio recordings of customer service phone calls. Click here to read entire article.