WellPoint takes $1.7 million hit over HIPAA slip

Summary:According to the HHS, WellPoint left patient health data accessible to unauthorized users over the Internet.

WellPoint, a managed health care giant, agreed to pay $1.7 million to the U.S. Department of Health and Human Services for violating HIPAA regulations.

HIPAA, the Health Insurance Portability and Accountability Act of 1996, is a set of rules to maintain patient privacy. HIPAA makes health care one of the most regulated industries along with financial services.

These fines may also pick up given that HIPAA liability will extend to business partners that receive and store health information. HIPAA will extend to contractors and subcontractors on Sept. 23.

According to the HHS, WellPoint left patient health data accessible to unauthorized users over the Internet. The HHS began its WellPoint investigation following a data breach report. Specifically, the HHS found that WellPoint had weak security practices in an online application database and data such as names, dates of birth, addresses, Social Security numbers and health records of 612,000 individuals were exposed.



In a statement, the HHS trumpeted the fine and said that companies under HIPAA regulations need to be more careful about change management when updating Web-based applications.

Overall, WellPoint failed to implement strong security policies and procedures from Oct. 23, 2009 to March 7, 2010 and didn't evaluate the impact of a software upgrade on its systems. WellPoint also failed to have identity management safeguards in place to protect electronic health records.

Topics: Security, Enterprise Software


Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.