WellPoint Inc. has been fined $1.7 million for violations of HIPAA’s privacy and security rules due to a breach of participant protected health information.
Between October 23, 2009 and March 7, 2010, certain participants' data accessible through the WellPoint online enrollment website may have been improperly accessed. WellPoint made programming updates to its online enrollment system. As a result of the programming updates, the online data base did not include proper safeguards to make certain the person accessing the site was the individual to whom the information applied. Information that could be improperly viewed included name, date of birth, address, Social Security Number, health and financial information.
The Department of Health and Human Services fined WellPoint $1.7 million for the breach which affected 612,402 individuals.