Connecticut Attorney General Richard Blumenthal sued Health Net of Connecticut, Inc. for HIPAA violations stemming from the loss of a portable hard drive containing the health and financial information of approximately 446,000 Connecticut enrollees in May of 2009, and the failure to notify authorities and consumers for at least 6 months.
Additionally, the AG seeks a court order preventing Health Net from continued HIPAA violations by requiring that protected health information stored on portable drives be encrypted.
A subsequent investigation found that the data, which included health records, social security numbers and bank account numbers in over 27 million scanned pages, was not encrypted or otherwise protected from unauthorized access and was viewable on commonly available software.
The case is the first action taken by a state under the HITECH Act, which enables states to enforce HIPAA violations.
Comments