A community of 30,000 US Transcriptionist serving Medical Transcription Industry

Major HIPAA violation by BCBS of GA - what penalties do they incur?

Posted: Jun 26, 2010

So today I get a letter from BCBS of GA. Whoops, they had a security breech on their website. Someone "may have" gotten acccess to my name, SS #, and credit card info.

They made "security changes to prevent it from happening again".

They are offering me one free year of "identity protection" under Debix Identity Protection Network (has ANYONE out there every heard of this company?). They want me to leap on to the DIPN website and give them all my information so they can protect it. And give me a brochure about how to contact the big 3 credit agencies.

This feels like a scam. Why in the devil would I want to give them more internet information to get hacked, and why would they choose some unheard of "identity protection" company for me to send it to? Is this a sneaky ploy to get more of my ID? Or a sneaky ploy to get their pet identity theft company to hound me to extend my "membership" until the end of time?

Is this a HIPAA penalty and is everyone who has an internet security breach required to provide a year's free identity protection coverage? Has anyone ever heard of this?

You'd think a billion dollar corporation like BCBS would have to do a little more than say "oops" and give out free policies from some obscure company. You'd think there'd be some lawsuits and some whopping fines.

I am shocked and outraged at the way they try to scare the crap out of MTs about security and then a national insurance corporation gets away with this! Where are the news headlines saying they got hacked and giving people a heads up?

sounds like a scam - contact your BCBS (sm) - anon

[ In Reply To ..]
I got a letter one day from my mortgage company that said basically the same thing - their secured was breeched - HOWEVER, they also said to call the company if any concerns. They informed what they were doing about this and offered advice on what we as potential victims could do for our own protection, but IN NO WAY DID THEY ASK FOR INFO (which, I might add, they already had as my mtg company)!!

I would call BCBS and NOT any number off this letter - ask if the breech is true. Mine was, it was major and all over the internet as well. Nothing happened - I keep watch to this day - and not once was asked to hand over identify info - THAT is illegal.

Another reason it sounds like a scam - what penalties do they incur?

[ In Reply To ..]
Both the BCBS letterhead and the "Debix" protection application have PO boxes in Suwanee, GA as addresses. They are different PO boxes but I just find it pretty odd neither one of them gives a physical address and they both "happen" to be in the same small town.

Does sound sketchy. - sm

[ In Reply To ..]
According to their website, Debix is located in Austin, TX, so why would they have a P.O. Box in GA. Definitely call BCBS. I am sure they would want to know someone is sending around this scam, if that is what it turns out to be. Hopefully they can warn their other clients.

you can go straight to the 3 credit bureaus and - anon

[ In Reply To ..]
have a fraud watch implimented for a small fee (10.00 or so) - they will notify you immediately if something is wrong.

google BSBC security breach Georgia. It did happen but you need to read up. I still would not give any personal info up to anyone through BCBS at this point, but that's me.

Thanks I will research it more tomorrow - what penalties do they incur?

[ In Reply To ..]
Tomorrow starts my weekend to I will have more time to try and get to the bottom of it.

I don't plan on giving them any more info (they sent a long form to fill out and mail for "protection" in case I didn't feel "comfortable" submitting it through the net!).

I'm just absolutely furious when I think of all the info they demanded when I tried to purchase a private policy last fall - everything but my shoe size, and for my son as well. Then they refused me coverage and I purchased different coverage for my son. IMO, if they deny coverage they should scrap all that info, not leave it laying around their database to get hacked (or share with other insurance companies to try to catch me leaving something off on my next application so they can scream "fraud"). I'm just really mad I wasted my time trying to do business with them to begin with, and now to find out my information hacked this long after the fact is just disgusting!

Did a quick Google, their last "breech" was - sm - ECMT

[ In Reply To ..]
was Oct. 2, 2009 with 1 million people affected (not their first time)----On Oct. 2, 2009, someone stole 57 unencrypted hard drives from servers at a call center the insurer had recently closed. So far, there have been no arrests, nor any evidence of fraud committed, the company reports.-----this is from an article May 19, 2010, and it was BCBS of Tennessee. Had another in NJ in Jan.2008 when a laptop was stolen with 300,000 names/data--------no mention of anything in GA or even recent, so most likely you have a scam/phishing letter on your hands, typical scare tactics. I do not respond to any emails of that nature, and have never gotten anything in the mail before, that is quite clever. Does it have your name on it, or is it just Dear customer? --Anyway, good luck in your research but truly sounds like a sophisicated scam.

They have my full name on it - what penalties do they incur?

[ In Reply To ..]
Plus a number I don't recognize above my name, and an "activation code" I must use when I sign up for "protection" within 90 days. At the very end of the letter they have a phone number of "the assistance line we have set up" and the hours to call it. I'll be comparing that number with anything I can find on the website I used to apply last fall, as well as any paper trail I may still have from their rejection correspondence.

Thanks for the extra info, this just sounds worse all the time, doesn't it?!

Contact BCBS of GA immediately - RHIA

[ In Reply To ..]
Offering a year of identity protection is standard in the event of a breach. They're supposed to do that. Even the federal government does this if they incur a breach.

If you are not sure where this letter originated, CALL THE INSURER at their regular number and find out if this is legitimate. Talk to a supervisor who knows, not just the person who answers the phone.

If it is, you need to know because you need to sign up for the free protection service.

If it is not, then they need to know, and you have a duty to report it to them.

It might just have taken this long for the names on the previous breach to be released. They often do not offer the protection until they see evidence that the information on the hard drives was actually accessed or being used, and that can take a while.

It might also be that you would have received a letter from BCBS had you been insured by them, but they would not have known to contact you if you had been rejected.

If your name appears in conjunction with the name of the insurer it is a clue that something is wrong. Please contact them immediately.

If you have cranky feelings about them for rejecting you, call the police, but don't delay.

I would give them nothing. If that info was breached - on their server, they should already (sm)

[ In Reply To ..]
have that information. If it's even a legitimate site. I would NOT give them any more information, or sign up for that "Data Security" site. That doesn't soundon the up and up. I would just change passwords, like on my ATM card and such, and watch my credit card and other statements closely for a while.

It's the same with things that pop up on your computer stating you may have a virus or a breach of security. Some are sophistated enough that their logo looks like Microsoft or AVG. There are even some that just clicking on them to close them can get them into your PC. Gotta be vigilant, and THEN some, these days.

BCBS Breech - NCalMT

[ In Reply To ..]
I received this same letter earlier this week. I am in CA. I have not had time to research this yet either, but plan to tomorrow on my day off. Have you been able to contact BCBS to get any answers?

BCBS breach - magsnfla

[ In Reply To ..]
Here is a link to the agency responsible for HIPAA violations affecting more than 500 individuals. You will be amazed at the names on it - some of the most prestigious health care institutions in the US, including St. Jude's. My doctor is on EMR and it makes me wonder how careful he is with his laptop.

http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/postedbreaches.html

Unfortunately, I think it's real - s/m

[ In Reply To ..]
If you google around, you'll see a couple other sites were people got the same letter, and another site where on 06/06 BCBS of Tennessee announced that they were gearing up to send out letters to a bunch more people, so I would assume you would fall into that category.

Now whether you want to go with the Debix identity protection is another question. There was data theft at some other company and they are referring people to the attorney general's page for information about what to do, so you might want to check yours.

real breach with BCBS. Debis Protection - I don't buy that part. - (no message) anon

[ In Reply To ..]
x

There really is such a company. - s/m

[ In Reply To ..]
On further investigation, I believe this is not a phishing expedition, merely an ineffective insufficient response to the breach.

Similar Messages:

Nov 11, 2013

I posted earlier about a HIPAA violation I believe the company I am subcontracting for is committing. I'm considering filing a complaint, but not sure what this would entail. Before I go too far into it, has anyone filed a complaint against an 'employer,' for lack of a better term, as I am a subcontractor & not an employee? This issue is weighing heavily on my mind. I do have proof of emails sent back and forth that are not encrypted or secured in any way containing reports with t ...

Jun 22, 2010

x ...

May 27, 2010

and paid to have them sent to me. The last 20 pages were someone else's medical record. I called the records dept and told the clerk, and she acted like it was no big deal and could I bring them back? At first, I just wanted the extra 5 bux back that I paid for these (5 bux per 20 pages is what they charge). Then I wondered if someone else got a part of MY medical record? She assured me not. This really sounds like a big fat HIPAA violation and I think th ...

May 26, 2013

So I just took a HIPAA course regarding the "new rules" regarding our liabilities and obligations under the law. I often get dictations by doctors who are obviously working at home with their kids running freely (and loudly) through the room, and perhaps a caretaker's voice now and then. If its a HIPAA violation for ME to have other people listening to dictation, isn't the doctor dictating in the presence of others who obviously have no business hearing that dictation a rep ...

Oct 15, 2014

I think this really should be reported and looked into, as long as we're all supposed to be taking HIPAA so seriously. And, no, it doesn't matter what the violation was, I'm not posting it here for everyone to argue over the dirty details. ...

Jan 10, 2015

instead of my own. I called and told the person (it was the exact person that I had send the records) and he acted like it was no big deal -- he just goes, "oh could you bring that back here today?" Of course I will bring them back, but I think it was funny how he made it seem like there was nothing wrong with the scenario. He probably thought I had no idea about HIPAA. ...

Nov 11, 2009

Anyone experiencing HIPAA violation threats of fines/termination? ...

Feb 11, 2013

With the way BCBS is set up, I'd be better off not having insurance. They set an impossible-for-me-to-meet deductible and then they only pay 75% afterwards? Oh brother. There's no way I can afford that deductible. Thank goodness I'm a fairly healthy individual. ...

Sep 11, 2010

Cannot get the voice to download all the way causing me to not finish report completely. ...

Feb 14, 2015

Okay, let's sum it up: 1. Imedx hid information on losing more than one account for months, this is a fact. 2. Number one above is confirmed by Imedx having an acct going to EPIC, and a few days later 3 accounts that we "do not have access to anymore" as stated by manager. 3. Number two above did not say we lost, or Nuance took back, etc., just "no access." 4. In other words, work shifted to cheaper folks, we get that. 5. Lack of any emails in 2 weeks regarding what is going on is abso ...

Oct 29, 2009

Hi, I need a quick check on HIPAA rules. With respect to the health care debate, I want to write to my senator, etc., about a situation with a patient I transcribed on. The only info. I intend to give is that the patient was a: Russian immigrant, on welfare and receiving Medicaid benefits--when he should not have. He and his "sponsor(s)" was responsible for his care and living expenses. Further, I transcribed a note in which the doctor said that this patient wanted to re-sched ...

Apr 08, 2010

I received an email too 2 days ago from ccm needing an explanation of why I had a patient's report open when I was not actively transcribing. I know there was a night when I had signed out and I had a window still opened that I did not realize was opened. I had minimized the window in case I needed the document again to refer to. Geesh. sometimes I don't even feel like wasting my time to search old reports. I feel like its constant harrassment lately ...

Dec 22, 2009

I guess its not really something new, but as I was visiting a friend in the hospital yesterday a doc was sitting at the nurse's station just dictating away. I clearly heard patient's name and identifying info and her entire medical history while standing outside the room waiting for nurse's to finish with my friend. ...

Apr 07, 2010

Has anyone else gotten a HIPPA violation for referencing old reports when typing an ESL ? ...

Apr 21, 2010

Hello, One of my friends here at MQ was just put back on 100% QA after one bad audit. Now, due to First Time Right, she will be making 3 cpl less for ALL HER LINES since it all is going to QA - except for that 10% allowance that she has. This is just SO not right!!! How is anyone supposed to live on a pay cut like that? For 8-9 cpl, it's a 30% pay cut! Is this reportable to anyone? (If anyone would care...) What can we do about this - besides quit? ...

Aug 02, 2010

The daughter of a friend of mine works in the clinic that I worked at for 18 years in medical records is known to read charts and then tell others about what she has read. For example, someone who has an STD that she knows, she has told lots of friends about it and I have heard it myself. Does anyone have any idea what happens when you report someone for a violation? I am sure that they take the person's name who is reporting it but can you tell me what else is ...

Jul 20, 2010

The word is "hyerekplexia" or is it "hyperkeplexia" ??????? My Stedman's keeps sayingit is hyperekplexia and the doctor keeps correcting me with hyperkeplexia. And on the off chance that I am correct, do I just change it to what he wants and let it go? ...

Dec 09, 2013

Hi All. Hope you are healthy and doing well in general. I'm new to posting on this site, though have been following it for years, receiving some invaluable information and tips. Thank you for that. Recently, however, I've been faced with upcoming termination in a few months due to my current employer's decision to outsource to Amphion. I know very little about this company, though from what I am learning it sounds like MTs are earning anywhere from 8-14 dollars per hour. Can anyon ...

May 07, 2010

I work for a company whose initials are TTS. I was told that QA works on editing and transcribing too and QA has the ability to assign work to themselves. In other words not only do they take work away from the MT but they can choose which work/dictators they want to do. Isn't this a conflict of interest? I know other companies do not allow double dipping but it was confirmed to me TTS does this and that the QA people have the ability to pick and cho ...

Aug 22, 2011

Have there been any major changes in benefits/wages, etc. since the buyout? ...

Jul 03, 2012

Okay ladies, do you ever have a case of brain fog? I've had it for the last 2 days. I have it at this very moment! For some reason, doctors I usually have no trouble with sound like the teacher from Charlie Brown, and things I *know* are simple are escaping my comprehension. Do I need more vitamins? Clean my ears? Am I just sick of this s***? ...

May 28, 2013

Does anyone else run into this? I get all these major error reports from Fiesa, all of a sudden, one after another, with errors that I know, after 15 years of doing this job, I would not have made. I know with certainty that these errors would not escape me. Anyone else get this kind of BS? ...

Jul 29, 2013

Thought I was going to make it through today with no Major error but no such luck. I typed "There are" and they heard "The" Trust me either way the sentence says the same thing and in no way changes the meaning of the sentence so I get dinged a major error for this. I really hope these quality people get good bonuses for these type things. Just another major error to add to my very long list. More in the last 2 weeks then in my entire career of being a transcription ...

Aug 25, 2013

It seems like every morning when I check my email there is at least one major alert in my box - no critical - but always something that they are complaining about. The one today was completely ridiculous, I don't want to be too specific just in case they read this board but I did what they said I didn't do. Going to contest but so maddening!!! It seems the harder I try the more they just pick me apart about stuff. ...

Oct 06, 2013

I know these don't count towards bonuses etc but it still unnerves me to open my email nearly every day and seeing these stupid alerts with my percentage in the tank. Some of them I take full credit for others I dispute but it still shakes me up so therefore some of the mistakes I make is just because I am nervous about literally everything I type. ...

Jun 11, 2014

.....for missing a pronoun at the begininng of a sentence... Symptoms started instead of His symptoms started....major error? I think not. Minus 1.0 whole point for me! There is no consistency in the grading of reports. And again I say, this is a subjective error...someone heard it, I did not and it does not matter anyway. Doctors do not dictate complete sentences all the time. Not to mention the fact that this NP dictator is ALL over the place...go back here, change ...

Jun 23, 2014

These FIESA fiends gave me a major error for leaving out the word "includes" after a header. It's all I can do to do this job these days with my son seriously ill. The last thing I need is this incessant nit-picking. ...

Aug 04, 2014

radiology. Electrocardiogram shows a sinus mechanism, right bundle branch block. The rate is radiology. She had electrocardiogramshows a sinus mechanism, right bundle branch block. The rate is ?????? From the BS doctor (those are his initials) who is a horrible ESL dictator that I spend a lot of time straight typing--waste of my time. ...

Feb 24, 2015

Need advice, should I even bother? VR transcribed patient is a 9-1/2-year old xxxx. Got major error and corrected to 9-year and 7-month-old xxxx. Is that truly a major error??? Of course it was on short report so completely screwed my percentage, so frustrating and irritating. Let me know what you think guys? ...

Mar 05, 2015

I am making less and less at my at-home transcription job. I have not been motivated at all lately, and I also never have enough work when I am motivated. I feel completely depressed. I have rare occasions where I am excited about job searching and entering a new career and/or going to school, but then I seem to lose all hope and motivation. My paychecks are no longer enough to support me. I guess I'm just looking to rant to relieve some of my stress and hopefully so ...