Deborah Johnson Pyles writes:
One of the lessons from the recent settlement agreement entered into by Blue Cross/Blue Shield of Tennessee with the Department of Health and Human Services is that doing everything right may not be enough. The settlement concerned alleged violations of Health Insurance Portability and Accountability Act privacy and security laws arising from the theft of 57 computer hard drives containing 1,023,209 members names, ID numbers, diagnosis codes, dates of birth, and social security numbers. The hard drives were left in a locked closed in office space that BCBSTN vacated as it moved operations to a new location.
Read more on ID Experts.