Dive Brief:
- Health insurer Triple-S Management has been hit with a $6.8 million fine by the Puerto Rico Health Insurance Administration over a security breach at the company's subsidiary.
- The fine is not related to the HHS Office for Civil Rights, which enforces HIPAA privacy and security rules. However, it is a larger fine than any imposed for HIPAA violations by OCR.
- The fine stems from an incident in which subsidiary Triple-S Salud inadvertently mailed pamphlet that included beneficiaries' Medicare health claim numbers to 13,336 of its dual eligible beneficiaries (those eligible for both Medicaid and Medicare).
Dive Insight:
This punishment goes to show you just how seriously regulators take each individual instance of a HIPAA violation. Triple-S's fine includes $500 per affected individual, as well as an additional $100,000 penalty because the organization failed to cooperate with the administration investigation.