On October 15, the U.S. Department of Health and Human Services Office for Civil Rights ("OCR") announced that a health insurance company agreed to pay $16 million and implement a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act ("HIPAA") related to a data breach. The company discovered the breach in January 2015 that may have exposed the electronic protected health information of almost 79 million people between December 2, 2014, and January 27, 2015. The settlement represents the largest settlement paid to OCR, more than doubling the previous highest amount of $5.55 million in 2016.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.