Health System Pays $1.25 Million in HIPAA Settlement Over 2016 Data Breach
More than six years after a data breach that disclosed 2.81 million patients’ protected health information, Banner Health has agreed to pay $1.25 million to the U.S. government to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA), Campus Safety Magazine recently reported. The Arizona-based healthcare system also agreed to implement changes to better protect patient information.
According to an announcement from the U.S. Department of Health and Human Services, an Office for Civil Rights investigation launched after the mid-2016 cyberattack found evidence of Banner Health’s “long-term, pervasive noncompliance” with HIPAA guidelines, including insufficient monitoring of health information system activity and failure to use processes that would safeguard health information.
“The precedents have been set for how the government is requiring companies to protect data, so this will not be the first time we see a higher penalty,” said Derek Kilmer, Associate Managing Director, Broker, Professional Liability, Burns & Wilcox, Detroit/Farmington Hills, Michigan. “The fines and penalties are definitely increasing as time goes on, especially as the regulatory bodies get caught up more on these cases in general.”
Recent reports show that the number of data breaches in the healthcare industry remains higher than pre-pandemic levels and that more patients are being affected per breach. This makes data security efforts and broad Cyber and Privacy Liability Insurance increasingly important for healthcare companies, said Karl Olson, Vice President, Professional & Management Liability Practice Leader, Burns & Wilcox Brokerage, San Francisco, California.