Friday, July 12, 2013

$1.7M HIPAA Penalty for Wellpoint

Wellpoint, a managed care company, has agreed to pay the US Department of Health and Human Services (HHS) $1.7 million to settle potential HIPAA violations.

An investigation by the HHS Office of Civil Rights (OCR), conducted following a breach report submitted by Wellpoint, found that security weaknesses left the electronic protected health information (ePHI) of 612,402 individuals accessible to unauthorized individuals. The "impermissibly disclosed ePHI" included names, dates of birth, addresses, Social Security numbers, telephone numbers and health information.

"HHS expects organizations to have in place reasonable and appropriate technical, administrative and physical safeguards to protect the confidentiality, integrity and availability of electronic protected health information ."
- Department of Health and Human Services, Office for Civil Rights
In their press release the HHS also noted that "Beginning Sept. 23, 2013, liability for many of HIPAA’s requirements will extend directly to business associates that receive or store protected health information, such as contractors and subcontractors."
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Wellpoint Inc. Settles HIPAA Case for $1.7M - www.HHS.gov, 07/10/2013

No comments:

Popular Posts

Copyright © 2010-2011 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.