In what is believed to be one of the larger HIPAA breach settlements in recent memory, health insurer WellPoint has agreed to settle with HHS for $1.7M stemming from a 2009 and 2010 incident where WellPoint impermissibly disclosed the ePHI of over 600,000 individuals through an unsecured online application. During its investigation, OCR found that WellPoint had not enacted the appropriate administrative, technical, and physical safeguards mandated under HIPAA.
WellPoint discovered the security and privacy lapses when an applicant to the insurer notified the company that she could access PHI of other policyholders through the WellPoint website application. This event further exemplifies to providers that actual acquisition of PHI by unauthorized individuals is not needed to trigger HIPAA violations. Rather, merely the discovery of unsecured data in any form can be enough to trigger an OCR investigation and lawsuit.
Krishna Kurapati is the Founder and CEO of QliqSOFT. He has more than two decades of technology entrepreneurship experience. Kurapati started QliqSOFT with the strong desire to solve clinical collaboration and workflow challenges using artificial intelligence (AI)-powered digital technologies across the U.S. healthcare system.
© 2024 QliqSOFT, Inc. All Rights reserved
