Insurance & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


09:22 PM
Connect Directly

WellPoint Pays HHS $1.7 Million for Data Breach

The payment settles potential HIPAA violations related to a 2009 data breach.

WellPoint has agreed to play the U.S. Department of Health and Human Services (HHS) $1.7 million to settle potential violations of HIPAA data security rules.

WellPoint informed DHS of the breach, which occurred from Oct. 23, 2009 to Mar. 7, 2010 and involved more than 612,000 policyholders, in compliance with the HITECH Act's Breach Notification Rule. An investigation found that WellPoint did not implement appropriate administrative and technical safeguards as required under the HIPAA Security Rule, including:

  • not implementing policies and procedures for authorizing access to an on-line application database

  • failing to perform an appropriate technical evaluation in response to a software upgrade to its information systems

  • putting technical safeguards in place to verify the person or entity seeking access to electronic protected health information maintained in its application database.

[Inside WellPoint's telehealth initiative]

Data exposed included names, dates of birth, addresses, Social Security numbers, telephone numbers and health information.

"Whether systems upgrades are conducted by covered entities or their business associates, HHS expects organizations to have in place reasonable and appropriate technical, administrative and physical safeguards to protect the confidentiality, integrity and availability of electronic protected health information – especially information that is accessible over the Internet," the agency said in a statement.

[Computer glitch spares smokers higher insurance premiums]

Nathan Golia is senior editor of Insurance & Technology. He joined the publication in 2010 as associate editor and covers all aspects of the nexus between insurance and information technology, including mobility, distribution, core systems, customer interaction, and risk ... View Full Bio

Register for Insurance & Technology Newsletters