CT Settles With Health Net Over Security Breach
Connecticut Tuesday announced that it has reached a settlement with Health Net and its affiliates over the failure last year to secure the private medical records of 1.5 million policyholders and for the insurers' delay in reporting the breach.
Connecticut Attorney General Richard Blumenthal said the settlement imposes a $250,000 fine on the company for HIPAA and HITECH violations, and requires the insurers to adopt rigorous security and notification measures.
The settlement involves Health Net of the Northeast, Inc., Health Net of Connecticut Inc., and parent companies UnitedHealth Group Inc. and Oxford Health Plans.
Blumenthal said the insurers cooperated with the settlement, accepted responsibility for breach, and agreed to a remedial action plan.
The May 14, 2009 loss or theft of a portable computer disk drive at the company's Shelton, CT office impacted about 446,000 Connecticut policy and 1 million other policy holders across the nation. The breached data included personal health records, bank account numbers, and social security numbers. Health Net waited until Nov. 30 to provide notice of the breach.
The information included 27.7 million scanned pages of more than 120 different types of documents, including insurance claim forms, membership forms, appeals, grievances, correspondence, and medical records.
- MU Compliance Announcement Sparks Concern, Confusion
- New G-Codes to Pay Doctors for Broad Array of Non-Face-to-Face Care
- Scary Financial Challenges for 2014
- Telehealth Improves Patient Care in ICUs
- CMS Sets 2014 Pay Rates for Hospital Outpatient and Physician Services
- 1 in 5 CT Screenings for Lung Cancer Results in Overdiagnosis
- LifePoint Bolsters Presence in Michigan's Upper Peninsula
- MGMA Urges 'End-to-End' ICD-10 Testing
- States Rejecting Medicaid Expansion Forgo Billions in Federal Funds
- Douglas Hawthorne—A Chance to Do Something Big