Data Breach at Puerto Rican Insurer Leads to $6.8M Fine

Triple-S Management, a health insurer based in Puerto Rico, has been fined $6.8 million by the Puerto Rico Health Insurance Administration following a data breach that exposed the information of 13,336 of the insurer's dual-eligible Medicare beneficiaries, according to a report in The Wall Street Journal.

The breach occurred in September, when a Triple-S subsidiary mailed out a pamphlet that accidentally displayed the beneficiaries' Medicare Health Insurance Claim Number. The breach was reported to HHS and local media per HITECH regulations, and Triple-S contacted affected plan members, according to the report.

In addition to the fine, Triple-S is facing some administrative sanctions as well, including a ban on enrolling new dual-eligible Medicare beneficiaries.

The penalties were imposed solely by the Puerto Rican government, not HHS. The HIPAA omnibus rule sets the maximum federal fine for a one-time incident at $1.5 million.  

More Articles on HIPAA:

5 Things to Know About the HITECH Act on Its 5th Birthday
Federal Complaint Alleges St. Rose Dominican Hospital Violated HIPAA
Mental Health Advocates Argue for Coverage of Suicide-Related Costs Under HIPAA

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Top 40 Articles from the Past 6 Months