BCBST HIPAA Violation Case Analysis Term Paper

Open, View, and/or
Download this Document

Total Length: 863 words ( 3 double-spaced pages)

Total Sources: 3

Page 1 of 3

The Blue Cross Blue Shield of Tennessee settled for $1.5 million on a HIPAA breach of privacy case. The HHS website outlines the particulars of this case. There were 57 unencrypted hard drives that were stolen from a facility. These contained personal health care information on over 1 million individuals, so the fine was like a buck fifty per person, and was probably less than it would have cost the company to properly secure that information.

Nevertheless, the case highlights a few different things that the company could have done differently in order to follow HIPAA rules. The first is that the data was being held in a leased space, one that apparently was not particularly secure. The company could have held the hard drives in a facility that it owned, over which is had more control over the security procedures. In that situation, it would make sense that the company had access controls to the facilities. With a leased space, the owner of the building has a certain degree of access, therefore there is greater risk of a breach. In this instance, the owner of the building – or the management company – was actually in charge of security, and they may not have known about proper HIPAA procedures for storing sensitive health information.

Stuck Writing Your "BCBST HIPAA Violation Case Analysis" Term Paper?

View All Our Example BCBST HIPAA Violation Case Analysis Term Paper

Have A Custom Example Essay Written

Furthermore, the BCBST did not have as much visibility into security of the data.

Furthermore, the files were on the hard drives and all the hard drives were stored in one place. Mitigating damages could have been done if the files were kept in multiple locations – in the event of a breach, far fewer people would have their information compromised. Making matters worse in this case, the company had vacated most of the premises in question, except for the closet where the network hardware was kept. As such, there was almost no staff visibility into the hardware on which the data was stored. This makes it easier to steal, and in this case the theft was not noticed for 3 days, in part a result of having the storage in a location away from the where the staff actually worked.

The lack of encryption is one of the most important aspects of this case. Hard drives containing sensitive personal health information should be stored on encrypted files. This way, even if the hard drives fall into the wrong hands, the information is not easily accessed.….....

Show More ⇣

     Open the full completed essay and source list


OR

     Order a one-of-a-kind custom essay on this topic


sample essay writing service

Cite This Resource:

Latest APA Format (6th edition)

Copy Reference
"BCBST HIPAA Violation Case Analysis" (2018, January 13) Retrieved May 20, 2025, from
https://www.aceyourpaper.com/essays/bcbst-hipaa-violation-case-analysis-2166878

Latest MLA Format (8th edition)

Copy Reference
"BCBST HIPAA Violation Case Analysis" 13 January 2018. Web.20 May. 2025. <
https://www.aceyourpaper.com/essays/bcbst-hipaa-violation-case-analysis-2166878>

Latest Chicago Format (16th edition)

Copy Reference
"BCBST HIPAA Violation Case Analysis", 13 January 2018, Accessed.20 May. 2025,
https://www.aceyourpaper.com/essays/bcbst-hipaa-violation-case-analysis-2166878
   

Open, View, and/or
Download this Document
order custom essay example