Health Net Fined $55K for Data Breach
Another state attorney general is using new enforcement powers granted by HITECH – again, at the expense of Health Net, Inc.
Health insurance giant Health Net has been fined by the state of Vermont over the insurer's loss of a portable disk drive that exposed the protected health information (PHI) of 1.5 million people, including 525 Vermonters.
This is the second HIPAA enforcement action of its kind since HITECH in February 2009 granted state attorneys general HIPAA enforcement authority. Connecticut's AG was first.
Health Net discovered the drive was missing May 14 but did not start notifying affected Vermont residents until more than six month later, the state AG's office reported in a press release.
Attorney General William Sorrell's January 14 complaint against Health Net, Inc., and Health Net of the Northeast, Inc. charges the insurer with violations of HIPAA, Vermont's Security Breach Notice Act, and the Consumer Fraud Act.
The settlement also calls for Health Net to submit to a data-security audit and file reports with Vermont regarding its information security programs for the next two years.
- CFO Exchange: Smartphones Poised to Disrupt Healthcare, Says Topol
- Consumerism Drives Healthcare Branding, Rebranding Efforts
- CNO on Hospital Redesign: 'You Can't Over-Communicate'
- How Digital Strategy Shapes Patient Engagement at Boston Children's Hospital
- PA Ranks See 'Phenomenal Growth,' Lack of Diversity
- 3 Traits Personality Assessments Can't Reveal
- Half of All Primary Care, Internal Medicine Jobs Unfilled in 2013
- Carondelet to Pay $35M to Settle Fraud Allegations
- Antibiotic Overuse a 'Huge Threat' to Patient Safety, Says CDC
- CHS Hacked, 4.5M Patient Records Compromised