Health Net Settles with Connecticut AG: Up to $750,000
What I would consider the sound of the first shoe dropping is the $750K settlement with Connecticut. Next will be the fines and penalties from OCR. This is a serious warning about the power of state Attorneys General on enforcement of HIPAA HITECH.
Here in California we have Jerry Brown, our current AG, running for Governor. Anthem Blue Cross, who are already the poster child for outrageous price increases also just announced a breach of over 200,000 patient records. Do you think Jerry is likely to file a suit and get some nice headlines about protecting patients? I would bet on it.
Steve Poizner the current California Insurance Cpmmisioner who lost the Republican nomination for Governor got some great press out of getting Anthem to withdraw their outrageous price increase.
Health Net Settles Massive Security Breach
By BOB CONNORS
Updated 3:00 PM EDT, Tue, Jul 6, 2010
Connecticut has settled a lawsuit with an insurance company involving a massive security breach that compromised financial and medical records for half-a-million state residents.
In May 2009, Health Net lost a disk drive containing names, addresses, social security numbers and medical information for 500,000 Connecticut residents and 1.5 Million patients nationwide. The company didn't report the missing disk for months.
Attorney General Richard Blumenthal says an investigation by Health Net concluded the disk was most likely stolen. "These missing medical records included some of the most personal, intimate patient information -- exposing individuals to grave embarrassment and emotional distress, as well as financial harm and identity theft," Blumenthal said.
The settlement involves Health Net of the Northeast Inc., Health Net of Connecticut Inc. and parent companies UnitedHealth Group Inc. and Oxford Health Plans.
Blumenthal calls the settlement historic, with the state's unprecedented enforcement of the federal Health Insurance Portability and Accountability Act (HIPAA). The 1996 act helps protect patients' medical records.
Under the settlement, Health Net agreed to implement measures to protect health information and other private data. The company will also pay the state a $250,000 fine, and agreed to an additional $500,000 payment if the missing disk drive was accessed and the information on it was used improperly.
Subscribe via RSSCategories
- HIPAA HITECH Act
- HIPAA Covered Entity
- HIPAA Business Associates
- Health Information Privacy
- HIPAA Compliance Online Software
- HIPAA Compliant Checklist
Recent Blog Posts
- Business Associates Need HIPAA HITECH Compliant Policies and Procedures, Now/1
- Minnesota Attorney General Sues Business Associate for HIPAA HITECH Data Breach
- HIPAA HITECH Data Breach Costs Small Business Associate $300,000
- HIPAA HITECH Rules De Facto Standard?
- HIPAA HITECH Data Breach: $1000 Per Patient?
- Senate Hearings Focus on Lack of HIPAA Enforcement, Final HITECH Rule
- more from the blog
