Connecticut Attorney General Richard Blumenthal has filed a lawsuit against California-based Health Net, alleging the company violated federal laws protecting medical records when a portable data drive disappeared.
According to Blumenthal's office, the Jan. 13 lawsuit is the first action by an attorney general acting under the Health Information Technology for Economic and Clinical Health, or HITECH Act (part of the 2009 federal stimulus package) to enforce privacy laws under the Health Insurance Portability and Accountability Act.
"Sadly, this lawsuit is historic -- involving an unparalleled health care privacy breach and an unprecedented state enforcement of HIPAA," Blumenthal said in a statement.
The lawsuit says the drive contained 27.7 million pages of scanned documents containing information about 446,000 enrollees and their physicians. The data was not encrypted, the lawsuit said, as required by HIPAA and by Health Net's own corporate policy.
UnitedHealth Group, which late last year won approval from state insurance commissioners to take control of Health Net's business in Connecticut, New Jersey and New York, is also named as a defendant in the case.
Connecticut State Medical Society Executive Vice President Matthew Katz praised the attorney general's action.
"It is such an important issue, because it deals with personal information not only for patients but physician data that was taken," he said.
Katz said he hoped the attorney general's action would force Health Net not only to respond correctly to the breach, but also to adopt new policies to protect sensitive information in the future.
According to Health Net, the lost drive contained medical records dating to 2002 and included information about both members and network physicians in New York, New Jersey and Connecticut.
Health Net claimed the data would have been nearly impossible to decipher without special software owned by Health Net.