- Emergency Consultation Services
- FMG BlogLine
By: Amy Bender
The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced that insurance giant Aetna will pay $1,000,000 to settle HIPAA violations stemming from the following three disclosures of nearly 19,000 plan members’ protected health information (PHI):
OCR determined that Aetna had committed the following HIPAA breaches:
In addition to paying the hefty fine, Aetna must implement a corrective action plan that includes implementation of, distribution of, and workforce training on written policies and procedures relating to privacy of PHI.
A copy of the settlement agreement and corrective action plan is posted on OCR’s website, available here.
This settlement is yet another reminder to HIPAA-covered entities to be vigilant in maintaining the privacy of PHI. Violations can be costly and result in negative publicity. Freeman Mathis & Gary’s Data Security, Privacy & Technology practice group can assist your organization with implementing data security policies and procedures, other preventative measures, and remedial efforts following a data breach. Please contact Amy Bender at [email protected] for more information.