WellPoint Pays HHS $1.7 Million to Settle HIPAA Security Violations

Covered Entities Cautioned Regarding Use of Business Associates

On July 8, 2013, health insurer WellPoint, Inc. entered into a Resolution Agreement with the U.S. Department of Health and Human Services, Office for Civil Rights (HHS), agreeing to pay HHS $1.7 million to resolve an HHS complaint regarding violations of the HIPAA Privacy and Security Rules during the period of October 23, 2009, through March 7, 2010. WellPoint reported a breach of electronic protected health information (ePHI) on June 18, 2010, leading to an HHS investigation that commenced on September 9, 2010.

The WellPoint matter serves as a reminder to HIPAA-covered entities and subcontractors that are business associates to comply with the HIPAA Security Rule and to prudently oversee the services provided by these business associates.

Click here to read the full Alert.

© 2009- Duane Morris LLP. Duane Morris is a registered service mark of Duane Morris LLP.

The opinions expressed on this blog are those of the author and are not to be construed as legal advice.

Proudly powered by WordPress