WellPoint Dinged $1.7 million by HHS for Health Data Leak

July 12, 2013
WellPoint, a large health payer headquartered in Indianapolis, will pay $1.7 million to the U.S. Department of Health and Human Services (HHS) for a data breach that left the protected health information (PHI) of 612,402 people accessible to unauthorized individuals over the Internet during the course of a five month period.

WellPoint, a large health payer headquartered in Indianapolis, will pay $1.7 million to the U.S. Department of Health and Human Services (HHS) for a data breach that left the protected health information (PHI) of 612,402 people accessible to unauthorized individuals over the Internet during the course of a five month period.

The PHI of these individuals included names, dates of birth, addresses, Social Security numbers, telephone numbers and health information. The fine is one of the largest HHS has ever doled out for a violation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. In June of last year, Alaska Department of Health and Social Services (DHSS) and the state Medicaid agency, agreed to pay $1.7 million as well, for a PHI-related data leak.

According to HHS, the HHS Office for Civil Rights (OCR) investigated the breach after WellPoint submitted a report, as required by the Health Information Technology for Economic and Clinical Health (HITECH) Act. Their investigation discovered that WellPoint failed to implement policies and procedures for authorizing access to the on-line application database and perform appropriate technical evaluations to a software upgrade to its information systems.

HHS also implied that WellPoint did not have technical safeguards in place to verify the person or entity seeking access to PHI maintained in its application database. The breach, HHS says, happened from Oct. 23, 2009, until Mar. 7, 2010.

In a statement to Reuters, WellPoint said it made changes to prevent it from happening ever again as soon it is happened.

Sponsored Recommendations

AI-Driven Healthcare: Empowering Nurses, Clinicians, and Care Teams for Smarter, More Efficient Care

Explore how AI-first ThinkAndor® is transforming nursing workflows and patient care at Sentara, improving outcomes, reducing readmissions, and enhancing care transitions in this...

The Future of Storage: The Complexities and Implications in Healthcare

Join us on January 23rd to explore the future of data storage in healthcare and learn how strategic IT decisions today can shape agility and competitiveness for tomorrow.

IT Healthcare Report: Technology Insights for a Transformative Future

Explore the latest healthcare IT trends, challenges, and opportunities in AI, patient care, and security. Gain actionable insights to navigate the industry's transformation.

How to Build Trust in AI: The Data Leaders’ Playbook

This eBook strives to provide data leaders like you with a comprehensive understanding of the urgent need to deliver high-quality data to your business. It also reviews key strategies...