WellPoint slapped with $1.7M fine for HIPAA violations

HIPAA violations will cost insurer WellPoint $1.7 million in fines to the federal government. The organization was charged with HIPAA violations after it left the names, Social Security numbers and personal health information of more than 600,000 individuals accessible over the internet, according to a release from the Department of Health and Human Services (HHS).

The unauthorized data exposure took place from October 2009 to March 2010.

HHS’ Office for Civil Rights (OCR) said the potential HIPAA violations were due to WellPoint not establishing appropriate administrative and technical safeguards in its online application database.

OCR began investigating the incident following a breach report submitted by WellPoint as required by federal breach notification rules.

The company said it has notified those individuals who could be affected as required by state and federal law and provided credit monitoring and identity theft insurance, although no fraud or identity theft has apparently occurred as a result of the incident.

“This case sends an important message to HIPAA-covered entities to take caution when implementing changes to their information systems, especially when those changes involve updates to Web-based applications or portals that are used to provide access to consumers’ health data using the Internet,” OCR officials said in the release.

OCR noted in the release that providers and payers and their business associates are expected to have “reasonable and appropriate” system safeguards in place and that beginning Sept. 23, liability for many of HIPAA’s requirements will extend directly to business associates that receive or store protected health information, such as contractors and subcontractors.

 

Beth Walsh,

Editor

Editor Beth earned a bachelor’s degree in journalism and master’s in health communication. She has worked in hospital, academic and publishing settings over the past 20 years. Beth joined TriMed in 2005, as editor of CMIO and Clinical Innovation + Technology. When not covering all things related to health IT, she spends time with her husband and three children.

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.