WellPoint is set to crash two Top 10 lists—the number of members' records exposed in a security breach, and the size of the federal settlement amount paid as a result.WellPoint, which claims 36 million covered lives through its affiliated health plans, has agreed to pay a $1.7 million penalty to HHS for potential violations of the privacy and security rules under the Health Insurance Portability and Accountability Act of 1996, stemming from a 2010 incident.
During an investigation of WellPoint's information systems, HHS' Office for Civil Rights found that the Indianapolis-based insurer had not enacted appropriate administrative, technical and physical safeguards for data as required by HIPAA.
WellPoint's case will become one of the largest medical records breaches kept by OCR, once that agency, which negotiated the settlement agreement, updates its public “wall of shame” breach list to reflect the magnitude of the breach that occurred sometime between Oct. 23, 2009 and March 7, 2010.