Corporate Compliance

Health Net, Inc., involved in potential HIPAA breach affecting 1.9 million patients

Compliance Monitor, March 16, 2011

For the second time in less than a year, health insurance giant Health Net, Inc., is involved in a potential major breach of clients’ protected health information (PHI).

The insurer, which serves 6 million clients, is investigating the potential loss of nine server drives from its data center operation in Rancho Cordova, CA, that contained PHI and personal information of 1.9 million past and current enrollees, the California Department of Managed Health Care (DMHC) wrote in a press release Monday.

Though Health Net did not specify how many individuals were affected in its own March 14 press release, DMHC came to the 1.9 million total after including the records of 622,000 of DMHC’s state enrollees in the breach.

If California’s numbers hold up, it would be the largest breach of unsecured PHI reported to the Office for Civil Rights. The HIPAA privacy and security rule enforcer began posting entities reporting breaches of 500 or more individuals in February 2010, per a provision of the Health Information Technology for Economic and Clinical Health (HITECH) Act.

For more information on this story, visit HCPro’s HIPAA Update.

Most Popular