CT Settles With Health Net Over Security Breach
Connecticut Tuesday announced that it has reached a settlement with Health Net and its affiliates over the failure last year to secure the private medical records of 1.5 million policyholders and for the insurers' delay in reporting the breach.
Connecticut Attorney General Richard Blumenthal said the settlement imposes a $250,000 fine on the company for HIPAA and HITECH violations, and requires the insurers to adopt rigorous security and notification measures.
The settlement involves Health Net of the Northeast, Inc., Health Net of Connecticut Inc., and parent companies UnitedHealth Group Inc. and Oxford Health Plans.
Blumenthal said the insurers cooperated with the settlement, accepted responsibility for breach, and agreed to a remedial action plan.
The May 14, 2009 loss or theft of a portable computer disk drive at the company's Shelton, CT office impacted about 446,000 Connecticut policy and 1 million other policy holders across the nation. The breached data included personal health records, bank account numbers, and social security numbers. Health Net waited until Nov. 30 to provide notice of the breach.
The information included 27.7 million scanned pages of more than 120 different types of documents, including insurance claim forms, membership forms, appeals, grievances, correspondence, and medical records.
- FDA hopes hospitals will switch to newly regulated pharmacies
- CMS Sets 2014 Pay Rates for Hospital Outpatient and Physician Services
- New G-Codes to Pay Doctors for Broad Array of Non-Face-to-Face Care
- States Rejecting Medicaid Expansion Forgo Billions in Federal Funds
- Why You Should Involve Patients in Nursing Handoffs
- Not-for-Profit Hospitals Find Opportunity Amid Uncertainty
- Substance Abuse Resurfaces Among Anesthesiologists in Training
- Douglas Hawthorne—A Chance to Do Something Big
- Safety Net Executives Renew Call to Preserve DSH Payments
- The Most Polarizing Topics in Healthcare IT