Premera Blue Cross (Premera) has agreed to settle with the Office for Civil Rights (OCR) for $6.85 million over allegations of violations of HIPAA after an investigation of a data breach that occurred in 2014 affecting 10.4 million individuals. This is the largest settlement the OCR has entered into with a covered entity in 2020,

Following an investigation led by the Washington Attorney General, Premera Blue Cross has agreed to pay $10 million to 30 states after experiencing a data breach in 2014 that compromised the Protected Health Information of over 10 million individuals. $5.4 million of the settlement amount will be paid to the Washington State Attorney General’s Office

The Anthem and Premera Blue Cross data breaches caused widespread panic throughout the employer health plan community earlier this year. For many, these data breach announcements served as a wakeup call for employer health plan sponsors to review and further refine their business associate contracts.

As a health plan sponsor, the employer is responsible for