The breach occurred in September, when a Triple-S subsidiary mailed out a pamphlet that accidentally displayed the beneficiaries’ Medicare Health Insurance Claim Number. The breach was reported to HHS and local media per HITECH regulations, and Triple-S contacted affected plan members, according to the report.
In addition to the fine, Triple-S is facing some administrative sanctions as well, including a ban on enrolling new dual-eligible Medicare beneficiaries.
The penalties were imposed solely by the Puerto Rican government, not HHS. The HIPAA omnibus rule sets the maximum federal fine for a one-time incident at $1.5 million.
More Articles on HIPAA:
5 Things to Know About the HITECH Act on Its 5th Birthday
Federal Complaint Alleges St. Rose Dominican Hospital Violated HIPAA
Mental Health Advocates Argue for Coverage of Suicide-Related Costs Under HIPAA
At the Becker's 11th Annual IT + Revenue Cycle Conference: The Future of AI & Digital Health, taking place September 14–17 in Chicago, healthcare executives and digital leaders from across the country will come together to explore how AI, interoperability, cybersecurity, and revenue cycle innovation are transforming care delivery, strengthening financial performance, and driving the next era of digital health. Apply for complimentary registration now.
