By Rachel Landen and Joseph Conn
Published July 11, 2013
WellPoint, which serves nearly 36 million people through its affiliated health plans, has agreed to pay a $1.7 million penalty to HHS for potential violations of the privacy and security rules under the Health Insurance Portability and Accountability Act of 1996.
Between Oct. 23, 2009, and March 7, 2010, access to personal data for 612,402 people—their names, dates of birth, addresses, Social Security numbers, telephone numbers and health information—was made available to unauthorized users as the result of online security weaknesses, HHS said Thursday.
During an investigation of WellPoint's information systems, HHS' Office for Civil Rights found that the Indianapolis-based insurer had not enacted appropriate administrative, technical and physical safeguards for data as required by HIPAA.
The entire story is here.