A Puerto Rico based insurance company, Triple-S Salud, was found to have exposed protected health information in Medicare-eligible individuals’ medical records.
The company manages Medicaid in Puerto Rico. In September 2013, Triple-S Salud mailed letters to Medicare Advantage customers with Medicare numbers visible from the envelope.
The company was fined $6.7 million for the privacy breach. This fine confirms that states may impose penalties for privacy violations in addition to the HIPAA-imposed penalties
