An investigation by the HHS Office of Civil Rights (OCR), conducted following a breach report submitted by Wellpoint, found that security weaknesses left the electronic protected health information (ePHI) of 612,402 individuals accessible to unauthorized individuals. The "impermissibly disclosed ePHI" included names, dates of birth, addresses, Social Security numbers, telephone numbers and health information.
"HHS expects organizations to have in place reasonable and appropriate technical, administrative and physical safeguards to protect the confidentiality, integrity and availability of electronic protected health information ."In their press release the HHS also noted that "Beginning Sept. 23, 2013, liability for many of HIPAA’s requirements will extend directly to business associates that receive or store protected health information, such as contractors and subcontractors."
- Department of Health and Human Services, Office for Civil Rights
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.Sources:
(a) Wellpoint Inc. Settles HIPAA Case for $1.7M - www.HHS.gov, 07/10/2013