Welcome to the Nexus of Ethics, Psychology, Morality, Philosophy and Health Care

Welcome to the nexus of ethics, psychology, morality, technology, health care, and philosophy
Showing posts with label Wellpoint. Show all posts
Showing posts with label Wellpoint. Show all posts

Thursday, July 11, 2013

WellPoint to pay $1.7 million HIPAA penalty

By Rachel Landen and Joseph Conn
ModernHealthcare.com
Published July 11, 2013

WellPoint, which serves nearly 36 million people through its affiliated health plans, has agreed to pay a $1.7 million penalty to HHS for potential violations of the privacy and security rules under the Health Insurance Portability and Accountability Act of 1996.

Between Oct. 23, 2009, and March 7, 2010, access to personal data for 612,402 people—their names, dates of birth, addresses, Social Security numbers, telephone numbers and health information—was made available to unauthorized users as the result of online security weaknesses, HHS said Thursday.

During an investigation of WellPoint's information systems, HHS' Office for Civil Rights found that the Indianapolis-based insurer had not enacted appropriate administrative, technical and physical safeguards for data as required by HIPAA.

The entire story is here.

Monday, August 15, 2011

Wellpoint Reaches Settlement on Data Loss


WellPoint has reached a preliminary settlement in a class-action lawsuit filed in California Superior Court for the potential exposure of data belonging to more than 600,000 health insurance applicants on a company-run website.

Under the settlement, WellPoint agreed to offer credit monitoring services for two years to all affected individuals, according to a report by amednews.com.

The company agreed to reimburse affected individuals up to $50,000 for any identity theft losses; individuals have until May 31, 2016, to file an identity theft loss claim. The company also agreed to donate a total of $250,000 to two nonprofit organizations whose efforts are directed at protecting consumers' privacy on the Internet, according to the report.

The situation came to light when an applicant to WellPoint-owned Anthem Blue Cross of California sued the company in March 2010, according to a report by amednews.com. The applicant said he was able to manipulate the web address within the site and gain access to other applicants’ information, including names, addresses, dates of birth, social security numbers, and health and financial information.

When the class-action lawsuit was filed, the company said an upgrade to its system caused the information to be exposed. A third-party vendor had said that security measures were in place, when if fact they were not.

A hearing is scheduled for November at which time the court will decide whether to approve the settlement, the report noted.

Last month, WellPoint agreed to pay $100,000 in fines for delaying notification to 32,000 Indiana customers affected by a possible data breach in a settlement with the Indiana Attorney General.