The U.S. Department of Health And Human Services Settles With Anthem for Record $16M Over Alleged HIPAA Violations

On October 15, 2018, the U.S. Department of Health and Human Services, Office for Civil Rights announced a $16 million settlement with Anthem, Inc. over alleged violations of federal privacy and security regulations under the Health Insurance Portability and Accountability Act.

The settlement resolves an investigation following a data breach that exposed protected health information of nearly 79 million people.  According to OCR, the incident is the largest health data breach to date in the United States and Anthem’s payment similarly represents the largest HIPAA settlement to date.  The settlement is consistent with OCR’s recent focus on enforcing regulatory requirements to conduct an accurate and thorough risk analysis and maintain appropriate mechanisms to monitor systems that contain protected health information and to control access to that information. It also highlights the agency’s distinct cybersecurity remediation approach.

Click here, to continue reading on the Cleary Cybersecurity and Privacy Watch blog.