August 1, 2021

Volume XI, Number 213

Advertisement

July 30, 2021

Subscribe to Latest Legal News and Analysis

July 29, 2021

Subscribe to Latest Legal News and Analysis
Advertisement

Excellus Health Pays $5.1 Million to Resolve HIPAA Breach Involving Over 9 Million People

On January 15, 2021 the U.S. Department of Health and Human Services, Office for Civil Rights (“HHS”) announced a $5,100,000 settlement with Excellus Health Plan, Inc. ("Excellus") for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules.

According to HHS, hackers accessed the Excellus electronic medical records system from December 2013 through May 11, 2015, resulting in the disclosure of the protected health information for over 9.3 million people.  This data included patient name, address, date of birth, email addresses, social security number, bank account information, health plan claims and clinical treatment information.    

In additional to the monetary settlement, Excellus agreed to a very thorough and detailed two-year Corrective Action Plan.

You can read the HHS Resolution Agreement and the Corrective Action Plan here.

©2021 Strassburger McKenna Gutnick & GefskyNational Law Review, Volume XI, Number 18
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Danielle L. Dietrich SMGG Attorney Pittsburgh, PA
Shareholder

Danielle L. Dietrich, Shareholder in the Pittsburgh Office of SMGG, focuses her practice in the areas of women and diverse-owned businesses, healthcare, elder law and litigation.  She has a broad range of experience in providing legal counsel and advice to her clients (both large and small), as well as having handled a wide range of disputes and litigation in Pennsylvania, Ohio and West Virginia.

A large portion of Ms. Dietrich’s practice focuses on the representation of women and diverse-owned businesses.  That practice includes assisting these...

(412) 281-5423
Advertisement
Advertisement