In 2014, the healthcare insurance company WellPoint exposed the private records of over 600,000 patients over the internet. The breach happened when the company chose to upgrade an internet database that contained ePHI. WellPoint was unaware of the offense until the court issued it with a lawsuit showing that the data was accessible through a certain web portal (Erica 1). The incident was considered a violation of the HIPAA regulations; therefore, the court fined the company $1.7 million. WellPoint was a covered entity under the HIPAA rules. Covered entities are health plans, healthcare clearinghouses, and healthcare providers that electronically transmit any health data in connection with operations for which HHS has established standards. These transactions are mainly concerned with billing and payment for insurance services or coverage. For example, healthcare clinics, educational medical centers, doctors, and any other healthcare providers who transmit transaction data electronically are considered covered entities. Therefore, WellPoint is a covered entity according to the HIPAA rules and regulations.
The HIPAA regulations protect the privacy of patients by demanding that healthcare institutions and their associates protect private and sensitive patient data, including how the data is disclosed and used. Cybercriminals are targeting the healthcare system, and so HIPAA provides covered entities with minimum requirements for assessing, monitoring, and establishing cyber defenses. According to these requirements, WellPoint, being a covered entity under HIPAA, was liable for punishment (Hsieh 175). The organization exposed private patient data to the public, making the data vulnerable to cyber attackers. Before the organization decided to upgrade an internet database that contained ePHI, it should have performed technical evaluations to determine the changes that would result from the upgrade (Hsieh 175). The company should also have implemented technology procedures and policies for authenticating users accessing ePHI. It should also have limited the number and groups of users authorized to access the data. Failing to do so put its patients' information at risk, and this warrants punishment under the HIPAA rules and regulations.
Works cited
Erica Brinkman, M. J. “HIPAA PRIVACY: Liability Beyond Regulatory Enforcement.” Journal of Health Care Finance (2019).
Hsieh, Roger. “Improving HIPAA Enforcement and Protecting Patient Privacy in a Digital Healthcare Environment.” Loy. U. Chi. LJ 46 (2014): 175.