Medicare Compliance & Reimbursement

Industry Note:

Anthem's HIPAA Settlement With OCR Biggest in History

As 2014 ended and 2015 began, private payer, Anthem Inc., suffered the biggest HIPAA violation of all time, when hackers usurped the electronic protected health information (ePHI) of 79 million individuals. Now, the organization has agreed to pay the HHS Office for Civil Rights (OCR) the largest HIPAA settlement of all time.

For the large-scale cyberattack, Anthem will shell out $16 million to the feds for the lost data that included such sensitive information as names, social security numbers, medical IDs, addresses, emails, and other personal details. This payout triples the past leader, a settlement of $5.5 million from 2016, the OCR noted.

“The largest health data breach in U.S. history fully merits the largest HIPAA settlement in history,” said OCR Director Roger Severino in a release on the case. “Unfortunately, Anthem failed to implement appropriate measures for detecting hackers who had gained access to their system to harvest passwords and steal people’s private information.” He went on to warn organizations that failing to implement “strong password policies” and report incidents “in a timely fashion” would bring the wrath of the OCR, the release suggested.

Find out all the particulars of the Anthem settlement at www.hhs.gov/about/news/2018/10/15/anthem-pays-ocr-16-million-record-hipaa-settlement-following-largest-health-data-breach-history.html.