Indianapolis-based WellPoint has agreed to pay a $1.7 million settlement to HHS to resolve alleged HIPAA violations.
The settlement resolves allegations that WellPoint did not adequately implement policies to authorize access to its online application database or implement technical safeguards to verify the person seeking access to electronic protected health information in that database.
HHS alleged that beginning in October 2009 through March 2010, WellPoint impermissibly disclosed the ePHI of 612,402 individuals by allowing access to the ePHI of such individuals maintained in the application database, according to the release.
Beginning Sept. 23, 2013, HHS said liability for many HIPAA requirements will extend directly to business associates that receive or store protected health information, such as contractors and subcontractors.
More Articles on Healthcare Settlements:
Allegiance Health to Pay $1.8M in False Claims Settlement
Doctors Hospital of Augusta to Pay $1.02M False Claims Settlement
Hospitalist Firm to Pay $14.5M for Allegedly Inflated Medicare Claims