Triple-S Management Corporation, formerly American Health Medicare Inc. has agreed to a $3.5 million settlement for potential HIPAA violations. Triple-S is an insurance holding company based in Puerto Rico which offers insurance products and services to Puerto Rico residents.
The Department of Health and Human Services began investigating Triple-S after receiving multiple breach notification reports from the company. HHS investigations showed noncompliance with HIPAA, including failure to implement appropriate administrative, physical and technical safeguards to protect the privacy of PHI; impermissible disclosure of information to a vendor without a business associate agreement; disclosing more than the minimum amount of PHI necessary; failure to conduct a risk assessment of IT equipment; and failure to implement security measures.
The settlement agreement requires Triple-S to adopt a compliance program, corrective action plan and pay a penalty. The resolution agreement can be accessed here.
