Premera Blue Cross Slapped With $6.8 Million HIPAA Fine
Marianne Kolbasuk McGee
Premera Blue Cross has agreed to pay a $6.85 million fine, the second largest HIPAA settlement ever announced by federal regulators. The case stems from a 2014 breach, which went undetected for nine months and exposed the information of 10.4 million individuals.
In a Friday statement, the Department of Health and Human Services' Office for Civil Rights says its investigation into the Premera breach, which was reported in March 2015, found "systemic noncompliance" with the HIPAA rules, including failure to conduct an enterprisewide risk analysis and implement risk management as well as audit controls.
In 2019, Premera reached a $74 million settlement of a consolidated class action lawsuit tied to the breach as well as a $10 million HIPAA settlement with the attorneys general of 30 states.
OCR's Premera settlement...