Health Information Compliance Alert

Enforcement News:

Anthem's HIPAA Settlement With OCR Biggest in History

As 2014 ended and 2015 began, private payer Anthem, Inc. suffered the biggest HIPAA violation of all time when hackers stole the electronic protected health information (ePHI) of 79 million individuals. Now, the organization has agreed to pay the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) the largest HIPAA settlement of all time.

For the large-scale cyberattack, Anthem will shell out $16 million to the feds for the lost data that included such sensitive information as names, social security numbers, medical IDs, birthdates, addresses, emails, and other personal details. This payout triples the past leader, a settlement of $5.5 million from 2016, the OCR noted.

“The largest health data breach in U.S. history fully merits the largest HIPAA settlement in history,” said OCR Director Roger Severino in a release on the case. “Unfortunately, Anthem failed to implement appropriate measures for detecting hackers who had gained access to their system to harvest passwords and steal people’s private information.” He went on to warn organizations that failing to implement “strong password policies” and report incidents “in a timely fashion” would bring the wrath of the OCR, the release suggested.

Find out all the particulars of the Anthem settlement at www.hhs.gov/about/news/2018/10/15/anthem-pays-ocr-16-million-record-hipaa-settlement-following-largest-health-data-breach-history.html.