Intelligence Unit
Special Reports
Special Events
Subscribe
Sponsored
Departments
- Leadership
- Finance
- Technology
- Physicians
- Community Hospitals
- Health Plans
- Marketing
- Quality
- Nursing
- HR
Follow Us
CA Investigating Latest Health Net Data Breach
Health Net says that it provides health benefits to approximately 6 million people in the U.S. through health plans and government-sponsored managed care plans in group, individual, Medicare Part D, Medicaid, Department of Defense and TRICARE and Veterans Affairs programs. Its behavioral health services subsidiary, Managed Health Network, Inc., provides behavioral health, substance abuse and employee assistance programs to approximately 5.4 million individuals.
Health Net also includes this statement: "To help protect the personal information of affected individuals, Health Net is offering them two years of free credit monitoring services, including fraud resolution and, if necessary, restoration of credit files, as well as identity theft insurance. These services will be provided through the Debix Identity Protection Network."
The files reportedly went missing from Health Net's data center in Rancho Cordova, near Sacramento.
This is the second time in less than a year that the large national health plan had a major breach of personal health information.
In January of this year, Health Net paid for the third time over its loss of a portable disk drive that exposed PHI of 1.5 million people. Vermont's state attorney general fined the insurer $55,000; the case included 525 Vermonters.
Health Net discovered the drive was missing May 14 but did not start notifying affected parties until more than six month later, the state AG's office reported.
Vermont Attorney General William Sorrell's January 14 complaint against Health Net, Inc., and Health Net of the Northeast, Inc. charges the insurer with violations of HIPAA, Vermont's Security Breach Notice Act, and the Consumer Fraud Act.
Regarding the same breach, Health Net not only settled with the Connecticut state attorney general's office for $250,000, but also with the Connecticut Insurance Commission. That state AG's office reached a settlement with Health Net in which the insurer had to pay the state $375,000 in penalties for failing to safeguard the personal information of its members from misuse by third parties.
Additional reporting provided by HCPro's Dom Nicastro.
Cheryl Clark is senior quality editor and California correspondent for HealthLeaders Media. She is a member of the Association of Health Care Journalists.
- $6.4B Henry Ford, Beaumont Merger Failed on Cultural Hurdles
- Don't Let Nurses Sink Your Bottom Line
- Hospitals Profit On Bloodstream Infections
- Fortunately, Angelina Jolie Isn't On Medicare
- Less Blood Testing for Some Surgeries Safe, Cost Effective
- Lower ED Margins Demand a Better Strategy
- How Chargemaster Data May Affect Hospital Revenue
- Primary Care Docs Average More Hospital Revenue Than Specialists
- House Lawmakers Grill CMS Over Health Exchange Navigators
- ED Physicians Key to Half of Hospital Admissions
Comments are moderated. Please be patient.
David Harlow JD MPH (3/15/2011 at 9:51 AM)
It's both surprising and unsurprising that this has happened again to HealthNet. See http://j.mp/9ICQtq for more detail on the CT case last year. See http://j.mp/ebf0Lv and http://j.mp/grXqMf for info on recent MA and MD cases (not HealthNet). In these several cases, we have examples of individual sloppiness, of ineffective corporate policies and procedures, and of gross neglect/fraud/incompetence. The question arises: is HIPAA (and the state law analogues) the right instrument to address all three sorts of problems? Since it seems that it is not having an effect on any of them, I would suggest that the answer is no. We need to retrench and figure out how best to address each of these scenarios.