Blue Cross Blue Shield of Tennessee agreed to pony up $1.5 million to the U.S. Department of Health and Human Services. The payment is the settlement of a violation of the Health Insurance Portability and Accountability Act (HIPAA) That violation, in turn, stems from 2009 data breach that affected roughly a million BlueCross BlueShield customers. The insurer has also agreed to revise its privacy policy and regularly train employees on their responsibilities under HIPAA as part of the settlement.
Source: https://threatpost.com/bluecross-blueshield-pay-15m-hipaa-violation-031512/76329/

