Health insurance giant Health Net, Inc. has formally reported its potential breach affecting the health records of 1.9 million past and current enrollees to the Office for Civil Rights (OCR), officially making the March breach the largest published on the OCR website.
OCR began posting entities that report breaches affecting 500 or more individuals in February 2010, as required by the Health Information Technology for Economic and Clinical Health (HITECH) Act.
On the Health Net report, the "type of breach" is "unknown," and the "location of breached info" is listed as "other."
Last month, for the second time in less than a year, Health Net announced an investigation into the potential loss of nine server drives that included personal health information and personal information of past and current enrollees from its data center operation in Rancho Cordova, CA.
The insurer, which serves 6 million, did not initially release the number of affected individuals.
- Names
- Addresses
- Health information
- Social Security numbers
- Financial information
IBM, a business associate of Health Net that manages its IT infrastructure, notified the insurer that it could not locate several server drivers. IBM manages Health Net's IT infrastructure.
The OCR previously listed the New York City Health and Hospitals Corporation (HHC) as having the largest breach. HHC's breach affected 1.7 million affected patients, staff, contractors, vendors, and others who were treated by and/or provided services during the past 20 years after personal information was stolen from a van of a business associate in Manhattan.
Pages
Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.