Connecticut Attorney General Richard Blumenthal has announced a settlement with Los Angeles-based Health Net and its affiliates for failing to secure private patient medical records and financial information on nearly a half million Connecticut enrollees and promptly notify consumers endangered by the breach.
The settlement provides powerful protections for consumers and a $250,000 payment to the state -- and marks the first action by a state attorney general for violations of the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) since the Health Information Technology for Economic and Clinical Health Act (HITECH) authorized state attorneys general to enforce HIPAA.
The agreement resolves allegations that Health Net violated HIPAA, as well as state privacy protections regarding personal data such as social security numbers and financial information.
Blumenthal sued after Health Net allegedly lost a computer disk drive in May 2009 containing protected health and other private information on more than 500,000 Connecticut citizens` and 1.5 million consumers nationwide. The missing disk drive contained names, addresses, social security numbers, protected health information and financial information.