[ Monday, March 15, 2010 ]
Minnesota Blue Cross
has been sued by a member
for disclosing her personal information. It seems like, in preparing an educational brochure for members that tells them how to submit claims, they took a real member's EOB and included it without changing the names. No procedures were disclosed, just that the woman was a patient of a particular surgery center and how much her care cost. But it's still a HIPAA violation, since that's definitely PHI.
This could be a very interesting case; I'm assuming it happened before HITECH, so I don't think the woman gets a part of any financial revocery from BCBS. And even with HITECH, there's no private cause of action. I don't know what her actual damages are -- that will determine her recovery from suing BCBS.
Jeff [8:51 AM]
Blogger: HIPAA Blog - Edit your Template