Community Hospitals
e-Newsletter
Intelligence Unit Special Reports Special Events Subscribe Sponsored Departments Follow Us

Twitter Facebook LinkedIn RSS

CA Investigating Latest Health Net Data Breach

Cheryl Clark, for HealthLeaders Media, March 15, 2011

Health Net says that it provides health benefits to approximately 6 million people in the U.S. through health plans and government-sponsored managed care plans in group, individual, Medicare Part D, Medicaid, Department of Defense and TRICARE and Veterans Affairs programs. Its behavioral health services subsidiary, Managed Health Network, Inc., provides behavioral health, substance abuse and employee assistance programs to approximately 5.4 million individuals.

Health Net also includes this statement: "To help protect the personal information of affected individuals, Health Net is offering them two years of free credit monitoring services, including fraud resolution and, if necessary, restoration of credit files, as well as identity theft insurance. These services will be provided through the Debix Identity Protection Network."

The files reportedly went missing from Health Net's data center in Rancho Cordova, near Sacramento.

This is the second time in less than a year that the large national health plan had a major breach of personal health information.

In January of this year, Health Net paid for the third time over its loss of a portable disk drive that exposed PHI of 1.5 million people. Vermont's state attorney general fined the insurer $55,000; the case included 525 Vermonters.

Health Net discovered the drive was missing May 14 but did not start notifying  affected parties until more than six month later, the state AG's office reported.

Vermont Attorney General William Sorrell's January 14 complaint against  Health Net, Inc., and Health Net of the Northeast, Inc. charges the  insurer with violations of HIPAA, Vermont's Security Breach Notice Act,  and the Consumer Fraud Act.

Regarding the same breach, Health Net not only settled with the Connecticut state attorney general's office for $250,000, but also with the Connecticut Insurance Commission. That state AG's office reached a settlement with Health Net in  which the insurer had to pay the state $375,000 in penalties for failing  to safeguard the personal information of its members from misuse by  third parties.

Additional reporting provided by HCPro's Dom Nicastro.


Cheryl Clark is senior quality editor and California correspondent for HealthLeaders Media. She is a member of the Association of Health Care Journalists.
Twitter

Comments are moderated. Please be patient.

1 comments on "CA Investigating Latest Health Net Data Breach"


David Harlow JD MPH (3/15/2011 at 9:51 AM)
It's both surprising and unsurprising that this has happened again to HealthNet. See http://j.mp/9ICQtq for more detail on the CT case last year. See http://j.mp/ebf0Lv and http://j.mp/grXqMf for info on recent MA and MD cases (not HealthNet). In these several cases, we have examples of individual sloppiness, of ineffective corporate policies and procedures, and of gross neglect/fraud/incompetence. The question arises: is HIPAA (and the state law analogues) the right instrument to address all three sorts of problems? Since it seems that it is not having an effect on any of them, I would suggest that the answer is no. We need to retrench and figure out how best to address each of these scenarios.