Triple-S Management, a health insurer based in Puerto Rico, has been fined $6.8 million by the Puerto Rico Health Insurance Administration following a data breach that exposed the information of 13,336 of the insurer's dual-eligible Medicare beneficiaries, according to a report in The Wall Street Journal.
The breach occurred in September, when a Triple-S subsidiary mailed out a pamphlet that accidentally displayed the beneficiaries' Medicare Health Insurance Claim Number. The breach was reported to HHS and local media per HITECH regulations, and Triple-S contacted affected plan members, according to the report.
In addition to the fine, Triple-S is facing some administrative sanctions as well, including a ban on enrolling new dual-eligible Medicare beneficiaries.
The penalties were imposed solely by the Puerto Rican government, not HHS. The HIPAA omnibus rule sets the maximum federal fine for a one-time incident at $1.5 million.
More Articles on HIPAA:
5 Things to Know About the HITECH Act on Its 5th Birthday
Federal Complaint Alleges St. Rose Dominican Hospital Violated HIPAA
Mental Health Advocates Argue for Coverage of Suicide-Related Costs Under HIPAA