HIPAA Compliance

HIPAA Breach Alert: WellPoint fined $1.7M

Krishna Kurapati
March 12, 2017

In what is believed to be one of the larger HIPAA breach settlements in recent memory, health insurer WellPoint has agreed to settle with HHS for $1.7M stemming from a 2009 and 2010 incident where WellPoint impermissibly disclosed the ePHI of over 600,000 individuals through an unsecured online application. During its investigation, OCR found that WellPoint had not enacted the appropriate administrative, technical, and physical safeguards mandated under HIPAA.

WellPoint discovered the security and privacy lapses when an applicant to the insurer notified the company that she could access PHI of other policyholders through the WellPoint website application. This event further exemplifies to providers that actual acquisition of PHI by unauthorized individuals is not needed to trigger HIPAA violations. Rather, merely the discovery of unsecured data in any form can be enough to trigger an OCR investigation and lawsuit.

wellpoint hipaa breach settlement
The Author
Krishna Kurapati

With over two decades of technology entrepreneurship background, Krishna Kurapati started QliqSOFT with the strong desire to solve clinical collaboration and workflow challenges in US Healthcare. During the late 90s, Krishna co-founded IPCell to build the first Cable IP Telephony switch, eventually selling the company to Cisco Systems. In 2003, he started Sipera (acquired by Avaya Systems) to solve security issues for Unified Communications' and raised over $30MM in venture funding. Additionally, he has been actively involved in the early-stage financing of startups in both the US and India.

Healthcare's Most Flexible Collaboration Platform

Engaging Patients and Connecting Care Teams Through Interactive Digital Conversations

Learn More