CA Investigating Latest Health Net Data Breach
Health Net says that it provides health benefits to approximately 6 million people in the U.S. through health plans and government-sponsored managed care plans in group, individual, Medicare Part D, Medicaid, Department of Defense and TRICARE and Veterans Affairs programs. Its behavioral health services subsidiary, Managed Health Network, Inc., provides behavioral health, substance abuse and employee assistance programs to approximately 5.4 million individuals.
Health Net also includes this statement: "To help protect the personal information of affected individuals, Health Net is offering them two years of free credit monitoring services, including fraud resolution and, if necessary, restoration of credit files, as well as identity theft insurance. These services will be provided through the Debix Identity Protection Network."
The files reportedly went missing from Health Net's data center in Rancho Cordova, near Sacramento.
This is the second time in less than a year that the large national health plan had a major breach of personal health information.
In January of this year, Health Net paid for the third time over its loss of a portable disk drive that exposed PHI of 1.5 million people. Vermont's state attorney general fined the insurer $55,000; the case included 525 Vermonters.
Health Net discovered the drive was missing May 14 but did not start notifying affected parties until more than six month later, the state AG's office reported.
Vermont Attorney General William Sorrell's January 14 complaint against Health Net, Inc., and Health Net of the Northeast, Inc. charges the insurer with violations of HIPAA, Vermont's Security Breach Notice Act, and the Consumer Fraud Act.
Regarding the same breach, Health Net not only settled with the Connecticut state attorney general's office for $250,000, but also with the Connecticut Insurance Commission. That state AG's office reached a settlement with Health Net in which the insurer had to pay the state $375,000 in penalties for failing to safeguard the personal information of its members from misuse by third parties.
Additional reporting provided by HCPro's Dom Nicastro.
Cheryl Clark is senior quality editor and California correspondent for HealthLeaders Media. She is a member of the Association of Health Care Journalists.
- Two-Midnight Rule Must be Fixed or Replaced, Say Providers
- Care Coordination Tough to Define, Measure
- CDC Warns of Antibiotic Overuse in Hospitals
- Don't Underestimate Emotional Intelligence
- HIMSS: Software Bugs, Shifting Alliances Unsettling for CIOs
- AHRQ: Surgical Admissions Bring 48% of Hospital Revenue
- Evidence-Based Practice and Nursing Research: Avoiding Confusion
- SCOTUS Review of NC Board Case 'A Very Big Deal' to Providers
- The Secret to Physician Engagement? It's Not Better Pay
- Physicians Take SGR Repeal Message to Washington