WellPoint Dinged $1.7 million by HHS for Health Data Leak | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

WellPoint Dinged $1.7 million by HHS for Health Data Leak

July 12, 2013
by Gabriel Perna
| Reprints

WellPoint, a large health payer headquartered in Indianapolis, will pay $1.7 million to the U.S. Department of Health and Human Services (HHS) for a data breach that left the protected health information (PHI) of 612,402 people accessible to unauthorized individuals over the Internet during the course of a five month period.

The PHI of these individuals included names, dates of birth, addresses, Social Security numbers, telephone numbers and health information. The fine is one of the largest HHS has ever doled out for a violation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. In June of last year, Alaska Department of Health and Social Services (DHSS) and the state Medicaid agency, agreed to pay $1.7 million as well, for a PHI-related data leak.

According to HHS, the HHS Office for Civil Rights (OCR) investigated the breach after WellPoint submitted a report, as required by the Health Information Technology for Economic and Clinical Health (HITECH) Act. Their investigation discovered that WellPoint failed to implement policies and procedures for authorizing access to the on-line application database and perform appropriate technical evaluations to a software upgrade to its information systems.

HHS also implied that WellPoint did not have technical safeguards in place to verify the person or entity seeking access to PHI maintained in its application database. The breach, HHS says, happened from Oct. 23, 2009, until Mar. 7, 2010.

In a statement to Reuters, WellPoint said it made changes to prevent it from happening ever again as soon it is happened.



NJ Medical Group Launches Statewide HIE, OneHealth New Jersey

The Medical Society of New Jersey (MSNJ) recently launched OneHealth New Jersey, a statewide health information exchange (HIE) that is now live.

Survey: 70% of Providers Using Off-Premises Computing for Some Applications

A survey conducted by KLAS Research found that 70 percent of healthcare organizations have moved at least some applications or IT infrastructure off-premises.

AMIA Warns of Tax Bill’s Impact on Graduate School Programs in Informatics

Provisions in the Republican tax bill that would count graduate student tuition waivers as taxable income would have detrimental impacts on the viability of fields such as informatics, according to the American Medical Informatics Association.

Appalachia Project to Study Relationship Between Increased Broadband Access, Improved Cancer Care

The Federal Communications Commission and the National Cancer Institute have joined forces to focus on how increasing broadband access and adoption in rural areas can improve the lives of rural cancer patients.

Survey: By 2019, 60% of Medicare Revenues will be Tied to Risk

Medical groups and health systems that are members of AMGA (the American Medical Group Association) expect that nearly 60 percent of their revenues from Medicare will be from risk-based products by 2019, according to the results from a recent survey.

83% of Physicians Have Experienced a Cyber Attack, Survey Finds

Eighty-three percent of physicians in a recent survey said that they have experienced some sort of cyber attack, such as phishing and viruses.