Connecticut State Attorney General Richard Blumenthal made a little bit of history back in January of this year when he became the first AG in the country to bring a HIPAA enforcement action, which he did against insurance giant Health Net. Now he has just made a little more by announcing he has brokered the first state settlement of such an action.
The suit came about as a result of Health Net’s loss of a hard drive containing over 500,000 individuals’ records including clinical data, social security numbers, addresses, and other financial information. According to Blumenthal, Healthnet then compounded the gaffe (which they chalked up to theft) by failing to inform those affected about what had occurred for over six months after the incident occurred.
Under the terms of the settlement Healthnet will be ordered to pay $250,000 directly to the state of Connecticut representing statutory damages (and to serve as a warning to other health insurance companies as well no doubt) They will also have to put aside a further $500,000 to cover damages should it eventually be found that the missing hard drive was accessed and that members personal information was ever used in an illegal manner. Guessing that there are still a lot of crossed fingers at Healthnet on that issue..
You can view the full settlement details here