Health Net fined $55,000 for data breach
Compliance Monitor, January 26, 2011
Want to receive articles like this one in your inbox? Subscribe to Compliance Monitor!
Health Net, Inc. agreed to pay the Vermont government $55,000 to resolve charges that the healthcare insurer violated the HIPAA privacy rule, Vermont’s Security Breach Notice Act, and Consumer Fraud Act, according to a January 24 HealthLeaders Media article.
Health Net discovered that a portable hard drive containing protected health information, social security numbers, and financial information of approximately 1.5 million people, including 525 Vermonters was missing on May 14, 2009. However, the company did not notify affected Vermont residents until more than six months later. The settlement alleges that the six month delay violates the Security Breach Notice Act, which requires data collectors to notify affected individuals of security breaches “in the most expedient time possible and without unreasonable delay.”
The settlement further alleges that Health Net violated the HIPAA privacy rule by failing to secure protected health information and violated the Consumer Fraud Act by misrepresenting the risk posed to affected individuals in the company’s notice letters.
Want to receive articles like this one in your inbox? Subscribe to Compliance Monitor!
Related Products
-
Healthcare Life Safety Compliance
Learn Life Safety Code tips and interpretations for healthcare facilities with this in-depth monthly resource.
-
Strategies for Health Care Compliance
News and real-life examples to increase the effectiveness of your compliance program. Strategies for Health Care Compliance...
-
Stark Law, 2nd edition: A user's guide to achieving compliance
This updated version of HCPro's Stark Law best seller, first published in 2005—and now co-authored by former CMS Stark...
-
The Compliance Officer's Handbook, 2nd Edition
This revised edition is packed with even more practical tools, case studies, tips and tools, sample audits, and sample...
-
The Privacy Officer's Handbook, Second Edition
Privacy and security requirements now extend to business associates and vendors of personal health records. Individuals, not...
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Catch up on what's new with injections and infusions
- Identify potential Medicaid RAC target areas
- Capturing all necessary codes for IUD insertion and removal can be challenging
- Topic: CMS, OESS post new security compliance review information, checklist
- What does case-mix index mean to you?
- OB services: Coding inside and outside of the package
- Q/A: Coding infusions to correct low potassium levels
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- HIPAA Q&A: Level of encryption needed for email
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- CMS has reformulated payments for some bilateral procedures
- Q&A: Follow CMS' coding guidelines when using modifier -25
- Understand the spine to code back procedures correctly
- What does case-mix index mean to you?
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- Searched