WellPoint Dinged $1.7 million by HHS for Health Data Leak

July 12, 2013
WellPoint, a large health payer headquartered in Indianapolis, will pay $1.7 million to the U.S. Department of Health and Human Services (HHS) for a data breach that left the protected health information (PHI) of 612,402 people accessible to unauthorized individuals over the Internet during the course of a five month period.

WellPoint, a large health payer headquartered in Indianapolis, will pay $1.7 million to the U.S. Department of Health and Human Services (HHS) for a data breach that left the protected health information (PHI) of 612,402 people accessible to unauthorized individuals over the Internet during the course of a five month period.

The PHI of these individuals included names, dates of birth, addresses, Social Security numbers, telephone numbers and health information. The fine is one of the largest HHS has ever doled out for a violation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. In June of last year, Alaska Department of Health and Social Services (DHSS) and the state Medicaid agency, agreed to pay $1.7 million as well, for a PHI-related data leak.

According to HHS, the HHS Office for Civil Rights (OCR) investigated the breach after WellPoint submitted a report, as required by the Health Information Technology for Economic and Clinical Health (HITECH) Act. Their investigation discovered that WellPoint failed to implement policies and procedures for authorizing access to the on-line application database and perform appropriate technical evaluations to a software upgrade to its information systems.

HHS also implied that WellPoint did not have technical safeguards in place to verify the person or entity seeking access to PHI maintained in its application database. The breach, HHS says, happened from Oct. 23, 2009, until Mar. 7, 2010.

In a statement to Reuters, WellPoint said it made changes to prevent it from happening ever again as soon it is happened.

Sponsored Recommendations

Healthcare Industry Predictions 2024 and Beyond

The next five years are all about mastering generative AI — is the healthcare industry ready?

Fast Tracking Caregiver Success

World-class organizations are built on world-class people. Yet in the healthcare industry, burnout is rife and the global talent shortage significantly eclipses other sectors....

Admit it, your EHR can’t do everything: Strategies for efficiency and better consumer experiences

Discover strategies to overcome EHR limitations and boost efficiency in your practice. Join industry leaders as they explore how a unified care enablement model can streamline...

Driving top quality performance through data-driven actionable insights.

Join us to explore how data-driven insights are transforming healthcare. Learn how leveraging big data and analytics can enhance patient care, optimize workflows, and drive top...