WellPoint Pays HHS $1.7 Million for Leaving Information Accessible Over Internet

July 15, 2013

The managed care company WellPoint Inc. has agreed to pay the U.S. Department of Health and Human Services (HHS) $1.7 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules.

This case sends an important message to HIPAA-covered entities to take caution when implementing changes to their information systems, especially when those changes involve updates to Web-based applications or portals that are used to provide access to consumers’ health data using the Internet.

The HHS Office for Civil Rights (OCR) began its investigation following a breach report submitted by WellPoint as required by the Health Information Technology for Economic and Clinical Health, or HITECH Act. The HITECH Breach Notification Rule requires HIPAA-covered entities to notify HHS of a breach of unsecured protected health information.

The report indicated that security weaknesses in an online application database left the electronic protected health information (ePHI) of 612,402 individuals accessible to unauthorized individuals over the Internet.


USCIS Enhances E-Verify’s Capability to Directly Notify Employees of an Information Mismatch

July 1, 2013

USCIS is announcing its latest customer service enhancement to E-Verify that will allow direct notification to employees. Currently, if there is a record mismatch that needs to be resolved before the employee can be confirmed as work authorized, a Tentative Nonconfirmation (TNC) is issued to the employer, who must then contact the affected employee.  Now, with this new enhancement, if an employee voluntarily provides his or her email address on the Form I-9, E-Verify will notify the employee of a TNC at the same time it notifies the employer. TNCs occur when information an employer provides to E-Verify about an employee does not match the data found in either U.S. Department of Homeland Security or Social Security Administration records.

This latest enhancement to E-Verify is made possible by a recent revision to Form I-9, Employment Eligibility Verification, used to verify the identity and employment authorization of persons hired for work in the United States. The revised Form I-9 allows employees to voluntarily provide their email address.  If a TNC is received, employees who have provided their email address will be directly notified of the TNC by USCIS. Providing an email address is completely voluntary and employers are still required to notify all employees when there is a mismatch of information and a TNC is received.

In addition to providing the initial notice of a TNC, E-Verify will send reminder emails to employees if no action to resolve the TNC has occurred within four days of a decision to contest and to notify them about the possible need to update a Social Security or Department of Homeland Security record.

This latest customer service enhancement to E-Verify is part of our ongoing efforts to highlight employee rights and responsibilities by providing employees with knowledge about their verification status.

HoneyBaked Ham to Pay $370K to Settle EEOC Sexual Harassment and Retaliation Lawsuit

July 1, 2013

The Original HoneyBaked Ham Company of Georgia, based in Alpharetta, Ga., will pay $370,000 and furnish other relief to settle a sexual harassment and retaliation lawsuit filed by the U.S. Equal Employment Opportunity Commission (EEOC) in Colorado, the agency recently announced.

According to the EEOC’s lawsuit, female HoneyBaked Ham employees in Colorado stores were subjected to sexual harassment and were fired or otherwise retaliated against if they complained. The lawsuit springs from the charge of discrimination brought to the EEOC by Wendy Cabrera, a former supervisor in the Highlands Ranch, Colo., store.  The EEOC charged that Cabrera and other female employees were harassed, but when she reported her complaint up the chain of command and to HoneyBaked Ham headquarters in Georgia, she was terminated.

Sexual harassment and retaliation for complaining about it violate Title VII of the Civil Rights Act of 1964.  The EEOC filed suit in U.S. District Court for the District of Colorado (EEOC v. The Original HoneyBaked Ham Company of Georgia, Inc., Case No. 1:11-cv-02560-MSK-MEH) after first attempting to reach a pre-litigation settlement through its conciliation process.

HoneyBaked Ham has agreed to pay $370,000 to Cabrera and a class of female employees to resolve this case.  The company entered into a consent decree and agreed to ensure that all of its employees are trained on sexual harassment and the anti-retaliation provisions of Title VII, and managers are additionally to receive training on handling sexual harassment and how to respond to complaints.  HoneyBaked Ham will also report to the EEOC on gender discrimination, including sexual harassment complaints in Colorado during the decree’s duration.

“In my eyes, justice has been served, positively impacting all of our lives in a way that we will never forget in our lifetime,” Cabrera said.