Blumenthal sues Health Net for violation of HIPAA
Taking the first legal action for the violation of HIPAA, State Attorney General Richard Blumenthal is suing Health Net of Connecticut Inc. for allegedly failing to secure the private medical records and financial information of 446,000 Connecticut members and delaying to report a widespread security breach. The data went missing from Health Net’s Northeast office at One Far Mill Crossing. A portable disk drive containing members’ personal information, including Social Security and bank account numbers, went missing from the company in May, but Health Net did not report it until November.
The insurer issued a statement Wednesday saying: “Protecting the privacy of our members is extremely important to us. Health Net’s company policy states that data must be encrypted and secure.”
“These missing medical records included some of the most personal, intimate patient information — exposing individuals to grave embarrassment and emotional distress, as well as financial harm and identity theft,” Blumenthal said in a statement. “The staggering scope of the data loss, and deliberate delay in disclosure, are legally actionable and ethically unacceptable.”
Health Net argues that there is no evidence of any of the missing data being misused. The company is offering two years of free credit monitoring to all affected members who want it, and has said that special software is needed to decipher information contained on the missing drive.
Subscribe to the comments for this post