HIPAA Penalties Hit Insurers
Well-known insurers such as Cignet and Blue Cross Blue Shield and pharmacies such as CVS have violated the Health Insurance Portability and Accountability Act (HIPAA), leading to substantial national public embarrassment and penalties. In February 2011 Cignet Health failed to provide 41 patients copies of their medical records. Cignet subsequently refused to cooperate with the investigation. As a result of these actions, Cignet was fined nearly $105,000 per patient, for a total of $4.3 million.
Blue Cross Blue Shield of Tennessee is securing their patient data better since the March 2012 settlement of $1.5 million. Both hardware and software insufficiencies led to the potential disclosure of patient health records as 57 computer hard drives were stolen. The hard drives were not encrypted, leaving the data vulnerable. The health care records for more than 1 million individuals were potentially compromised in this theft.
CVS Caremark Company (CVS) is still smarting from the 2009 fine of $2.25 million for inadequate handling of customer health information. CVS was cited in policies that fell short of HIPAA standards, training that was inadequate, and procedures that were insufficient in the disposal of customer data. Pill bottle labels with customer names, contact information, and prescription data were thrown out without regard to customer privacy.
Here is an infographic from tasteypalcement
The Cost of Securing Your Health Information-HIPAA Compliance