Health Information Management

Puerto Rico-based health insurer fined $6.8 million for HIPAA breach

HIM-HIPAA Insider, March 3, 2014

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

by Jaclyn Fitzgerald, Associate Editor

The Puerto Rico Health Insurance Administration (ASES, by its acronym in Spanish) recently imposed a $6.8 million fine for HIPAA violations on Triple-S Salud, Inc., (TSS), according to documents filed with the Securities and Exchange Commission. The fine far exceeds many imposed by OCR, which issued its highest civil monetary penalty of $4.3 million to Cignet Health in 2011.
On September 30, 2013, TSS mailed a pamphlet to 70,000 Medicare Advantage beneficiaries that displayed the receiving beneficiary’s Medicare Health Insurance Claim Number (HICN), a unique number assigned by the Social Security Administration that is considered PHI. The fine imposed on TSS, a health insurance subsidiary of Triple-S Management Corporation, is the result of a breach of PHI of 13,226 dual-eligible Medicare beneficiaries, according to the filing.
TSS conducted an internal investigation of the breach and reported the incident to Puerto Rican and federal government agencies. However, ASES alleges that TSS did not take the required steps when responding to the breach, according to the filing.
In addition to the fine, ASES imposed sanctions upon TSS including the suspension of new enrollments of dual-eligible Medicare beneficiaries. TSS must notify affected individuals of their right to unenroll. The health insurer is offering 12 months of free credit monitoring and identity protection services for affected individuals.

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

    Briefings on APCs
  • Briefings on APCs

    Worried about the complexities of the new rules under OPPS and APCs? Briefings on APCs helps you understand the new rules...

  • HIM Briefings

    Guiding Health Information Management professionals through the continuously changing field of medical records and toward a...

  • Briefings on Coding Compliance Strategies

    Submitting improper Medicare documentation can lead to denial of fees, payback, fines, and increased diligence from payers...

  • Briefings on HIPAA

    How can you minimize the impact of HIPAA? Subscribe to Briefings on HIPAA, your health information management resource for...

  • The Privacy Officer's Handbook, Second Edition

    Privacy and security requirements now extend to business associates and vendors of personal health records. Individuals, not...

Most Popular