Thursday, October 29, 2020
On October 28, 2020 the U.S. Division of Well being and Human Providers, Workplace for Civil Rights (“HHS”) introduced that Aetna Life Insurance coverage Firm (and the affiliated lined entity, Aetna) agreed to pay $1,000,000 and enter right into a corrective motion plan for violations of the Well being Insurance coverage Portability and Accountability Act of 1996 (HIPAA) Privateness and Safety Guidelines. This can be a results of three separate HIPAA breaches.
In keeping with HHS, the primary breach was found on April 27, 2017 and reported in June of 2017. Aetna had found that info on one in every of its webpages was not protected by a login and had been listed by web engines like google. Over 5,000 people have been affected, with the breach together with their names, insurance coverage identification quantity, declare fee quantity, process providers codes and dates of providers.
The second breach occurred on July 28, 2017 and was reported in August of 2017. Aetna had mailed out profit notices utilizing window envelopes. The window confirmed the phrases “HIV medicine” beneath the member’s title and handle for 11,887 people.
The third breach occurred on September 25, 2017 and was reported in November 2017. Aetna had despatched a analysis research mailing to plan members containing the title and emblem of the atrial fibrillation analysis research during which the members have been collaborating on the envelope for 1,600 people.
In keeping with the HHS press launch, its investigation additionally discovered that “Aetna did not carry out periodic technical and nontechnical evaluations of operational modifications affecting the safety of their digital PHI (ePHI); implement procedures to confirm the id of individuals or entities looking for entry to ePHI; restrict PHI disclosures to the minimal mandatory to perform the aim of the use or disclosure; and have in place applicable administrative, technical, and bodily safeguards to guard the privateness of PHI.”
Learn the HHS Decision Settlement and the Corrective Motion Plan.
©2020 Strassburger McKenna Gutnick & GefskyNationwide Legislation Assessment, Quantity X, Quantity 303