On July 11, 2013, the U.S. Department of Health and Human Services (HHS) announced that it had reached a $1.7 million dollar resolution agreement with insurer WellPoint Inc., following a security breach that left the personal information of 612,402 individuals exposed and available to unauthorized computer users. Between October 23, 2009, and March 7, 2010, access to protected health information, including the names, dates of birth, addresses, social security numbers, and health information of applicants was made vulnerable after a system upgrade failed to comply with Health Insurance Portability and Accountability Act (HIPAA) requirements. WellPoint is an Indianapolis-based managed health care insurer that serves approximately 65.3 million individuals through its subsidiaries.
Continue Reading WellPoint, Inc. Reaches $1.7 Million Dollar HIPAA Settlement Continuing the 2012 Trend of Heavy Fines

By Maureen Corcoran

Sweeping changes to the obligations of providers, health plans and their service providers ("business associates") under HIPAA privacy and security rules were included in the American Recovery and Reinvestment Act of 2009. Previously only health plans and providers were covered under HIPAA and subject to the criminal and civil monetary penalties. Effective February 17, 2010, business associates are now directly covered. These new requirements will require amendments to all business associate agreements. Business associates must also draft policies and procedures to implement their obligations under the privacy and security standards. Immediate steps must be taken to prepare for implementation.

Continue Reading HIPAA Statutory Changes Require Action Now by Providers, Plans and Their Business Associates