HIPAA Compliance

HIPAA Breach Alert: WellPoint fined $1.7M

Krishna Kurapati
March 11, 2017

In what is believed to be one of the larger HIPAA breach settlements in recent memory, health insurer WellPoint has agreed to settle with HHS for $1.7M stemming from a 2009 and 2010 incident where WellPoint impermissibly disclosed the ePHI of over 600,000 individuals through an unsecured online application. During its investigation, OCR found that WellPoint had not enacted the appropriate administrative, technical, and physical safeguards mandated under HIPAA.

WellPoint discovered the security and privacy lapses when an applicant to the insurer notified the company that she could access PHI of other policyholders through the WellPoint website application. This event further exemplifies to providers that actual acquisition of PHI by unauthorized individuals is not needed to trigger HIPAA violations. Rather, merely the discovery of unsecured data in any form can be enough to trigger an OCR investigation and lawsuit.

wellpoint hipaa breach settlement
An image of a doctor. This image contains the following message. Learn more about Healthcare's most flexible collaborative platform. This image also contains a button that says, Request a Demo.
The Author
Krishna Kurapati

Krishna Kurapati is the Founder and CEO of QliqSOFT. He has more than two decades of technology entrepreneurship experience. Kurapati started QliqSOFT with the strong desire to solve clinical collaboration and workflow challenges using artificial intelligence (AI)-powered digital technologies across the U.S. healthcare system.

Healthcare's Most Flexible Collaboration Platform

Engaging Patients and Connecting Care Teams Through Interactive Digital Conversations

Learn More

Other Blog Posts