Skip to content Skip to navigation

WellPoint Dinged $1.7 million by HHS for Health Data Leak

July 12, 2013
by Gabriel Perna
| Reprints

WellPoint, a large health payer headquartered in Indianapolis, will pay $1.7 million to the U.S. Department of Health and Human Services (HHS) for a data breach that left the protected health information (PHI) of 612,402 people accessible to unauthorized individuals over the Internet during the course of a five month period.

The PHI of these individuals included names, dates of birth, addresses, Social Security numbers, telephone numbers and health information. The fine is one of the largest HHS has ever doled out for a violation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. In June of last year, Alaska Department of Health and Social Services (DHSS) and the state Medicaid agency, agreed to pay $1.7 million as well, for a PHI-related data leak.

According to HHS, the HHS Office for Civil Rights (OCR) investigated the breach after WellPoint submitted a report, as required by the Health Information Technology for Economic and Clinical Health (HITECH) Act. Their investigation discovered that WellPoint failed to implement policies and procedures for authorizing access to the on-line application database and perform appropriate technical evaluations to a software upgrade to its information systems.

HHS also implied that WellPoint did not have technical safeguards in place to verify the person or entity seeking access to PHI maintained in its application database. The breach, HHS says, happened from Oct. 23, 2009, until Mar. 7, 2010.

In a statement to Reuters, WellPoint said it made changes to prevent it from happening ever again as soon it is happened.



Insurers to CBO: Consider Private Insurers’ Data in Evaluations of Telemedicine

Eleven private insurers, including Aetna, Humana and Anthem, are urging the Congressional Budget Office (CBO) to consider the experience of commercial insurers when evaluating the impact of telemedicine coverage in Medicare.

AHRQ Developing New Patient Safety Surveillance Tool

With the aim of improving patient safety monitoring, the Agency for Healthcare Research and Quality (AHRQ) within the U.S. Department of Health and Human Services (HHS) is currently developing and testing an improved patient safety surveillance system.

Gates Foundation Awards $210M to UW's Population Health Initiative

The Bill and Melinda Gates Foundation is awarding $210 million to Seattle-based University of Washington’s Population Health Initiative, with the funds going toward the construction of a new building to serve as the initiative’s hub.

AHA Offers Interoperability Standards Recommendations to ONC

The American Hospital Association (AHA) has offered feedback to the ONC on the agency’s draft Interoperability Standards Advisory (ISA) that it issued in August.

Survey: Healthcare Orgs Not Taking Mobile Security Seriously Enough

More than half (56 percent) of healthcare professionals believe their organization could be doing more to educate employees on HIPAA compliance and the rules around sharing protected health information.

Mount Sinai’s Research Arm Using Data Analytics to Address Health Inequities

The Arnhold Institute for Global Health at the Icahn School of Medicine at Mount Sinai is partnering with DigitalGlobe to create the Health Equity Atlas Initiative (ATLAS), a platform that standardizes and maps population data in order to generate insights that address health inequities.