WellPoint has agreed to pay the government $1.7 million to settle potential violations of HIPAA, the U.S. Department of Health and Human Services said Thursday.

An HHS investigation found that the health insurance giant “impermissibly disclosed” electronic protected health information of 612,402 individuals between Oct. 23, 2009 and March 7, 2010. That information included names, dates of birth, addresses, Social Security numbers, telephone numbers and health information.

The health agency said that WellPoint may have violated HIPAA — the Health Insurance Portability and Accountability Act of 1996 — after the Indianapolis-based insurer reported the breach to HHS.

HHS said the case “sends an important message to HIPAA-covered entities to take caution when implementing changes to their information systems, especially when those changes involve updates to Web-based applications or portals that are used to provide access to consumers’ health data using the Internet.”

Beginning Sept. 23, 2013, liability for many of HIPAA’s requirements will extend directly to business associates that receive or store protected health information, such as contractors and subcontractors.

Complete your profile to continue reading and get FREE access to BenefitsPRO, part of your ALM digital membership.

Your access to unlimited BenefitsPRO content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Breaking benefits news and analysis, on-site and via our newsletters and custom alerts
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical converage of the property casualty insurance and financial advisory markets on our other ALM sites, PropertyCasualty360 and ThinkAdvisor
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.