[ Monday, March 15, 2010 ]


Minnesota Blue Cross has been sued by a member for disclosing her personal information. It seems like, in preparing an educational brochure for members that tells them how to submit claims, they took a real member's EOB and included it without changing the names. No procedures were disclosed, just that the woman was a patient of a particular surgery center and how much her care cost. But it's still a HIPAA violation, since that's definitely PHI.

This could be a very interesting case; I'm assuming it happened before HITECH, so I don't think the woman gets a part of any financial recovery from BCBS. And even with HITECH, there's no private cause of action. I don't know what her actual damages are -- that will determine her recovery from suing BCBS.

Jeff [8:51 AM]

