As noted in Reuters:
WellPoint Inc., has warned some 470,000 people who applied for its health insurance that a website security glitch may have exposed their Social Security numbers and other sensitive data to the public….The glitch was introduced…by a contractor who upgraded the site….
A couple of things to note here:
- Large companies can (and will) continue to screw up like this and merely apologize, small companies, specifically medical practices can not. The bad local press a situation like this generates will squash a local medical practice.
- So once again I say, HIPAA is not just for Hospitals. Just like a tax audit and fine is a bump in the road for a large company, the same situation can run a small business out of business.
- The ever important Associate’s Agreement, and of course the software/website specifications clarifying the site be secure!
- If this were to happen to a medical practice that had an Associate’s Agreement in place, this would at least show that medical practice was doing everything they could to do things correctly and by the federal law.