Did you know?
Till October 2020, there were 13 settlements for some kind of breaches that violated the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules.
The largest HIPAA settlement in the U.S. Health Data Breach History is $16 Million.
Anthem Inc. an independent licensee of the Blue Cross and Blue Shield Association provides medical care coverage to one in eight Americans through its affiliated health plans. A breach attack was filed by Anthem Inc. with the Office for Civil Rights (OCR) which investigated the matter and the results revealed that the ePHI of almost 79 million individuals was stolen – considered as the largest health data breach in U.S. history breach. Anthem agreed to pay $16 million.
The cause: The reasons for the breach was attributed to the failure to implement protective measures that should have detected early attacks by hackers to steal and harvest sensitive people’s private information. Further, procedures to conduct enterprise-wide risk analysis were not in place, failure in the identification of suspicious incidents, and the absence of adequate minimum access controls to prevent cyber-attacks led to this catastrophe resulting in colossal losses in damages.
The second largest HIPAA settlement was $6.85 Million.
Premera Blue Cross (PBC) accepted to pay to the Office for Civil Rights (OCR) in the U.S. Department of Health and Human Services (HHS) $6.85 Million to settle a Data Breach.
The cause: Cyber-attack of the PBC’s IT system whereby hackers installed malware that not only went unchecked but breached the electronic Protected Health Information (ePHI) of 10.4 million people.
Serious consequences for slighting HIPAA
The failure in adhering to set standards and compliances to securing data that could prove to be catastrophic and too expensive in terms of the settlement.
The list of providers who settled with the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) under the HIPAA Right of Access this year.
- City Health Department failed to terminate former employee’s access to protected health information – October 30, 2020
- Aetna Pays $1,000,000 to Settle Three HIPAA Breaches – October 28, 2020
- OCR Settles Ninth Investigation in HIPAA Right of Access Initiative – October 9, 2020
- OCR Settles Eighth Investigation in HIPAA Right of Access Initiative – October 7, 2020
- Health Insurer Pays $6.85 Million to Settle Data Breach Affecting Over 10.4 Million People – September 25, 2020
- HIPAA Business Associate Pays $2.3 Million to Settle Breach Affecting Protected Health Information of Over 6 million Individual – September 23, 2020
- Orthopedic Clinic Pays $1.5 Million to Settle Systemic Noncompliance with HIPAA Rules – September 21, 2020
- OCR Settles Five More Investigations in HIPAA Right of Access Initiative – September 15, 2020
- Lifespan Pays $1,040,000 to OCR to Settle Unencrypted Stolen Laptop Breach – July 27, 2020
- Small Health Care Provider Fails to Implement Multiple HIPAA Security Rule Requirements – July 23, 2020
- Health Care Provider Pays $100,000 Settlement to OCR for Failing to Implement HIPAA Security Rule Requirements – March 3, 2020
How can databrackets help you?
databrackets’ certified privacy and security professionals can help healthcare Covered Entity(CE) and Business Associate(BA) comply with the HIPAA/HITECH compliance assurance requirement most efficiently and cost-effectively, by leveraging databrackets’ SaaS assessment platform, awareness training, policies, and procedures and consulting expertise..
databrackets recommends healthcare entities to conduct comprehensive HIPAA/HITECH compliance assessment to prevent data breaches on a yearly basis.
To learn more about our HIPAA services, visit us at https://databrackets.com/services/hipaa-hitech-compliance-assurance/