Insurer's data loss deserves a drastic punishment

Health Net doesn't lose records; it loses hard drives


If the Dept. of Health and Human Services believes in proportional response, executives at California healthcare services provider Health Net can expect someone from Washington to drop in any day to break their kneecaps.

HHS enforces the Health Insurance Portability and Accountability Act, but did it so sloppily that, in 2009, it had to promise to be more aggressive and consistent.

Three weeks ago that meant a fine of $4.3 million for Cignet Health for refusing to give patients access to their records or cooperate with HHS' attempts to investigate. HHS also fined Massachusetts General Hospital $1 million after an employee left patient files on the subway.

Both are pikers compared to Health Net, which yesterday had to admit it had lost nine entire hard drives containing names, addresses, Social Security numbers and a range of other controlled data bits on 1.9 million customers -- most in California and Connecticut.

Health Net blames IBM for losing several drives in its Rancho Cordova, Calif., data center.

It's not the first time, either.

In November of 2009 Health Net lost a different hard drive, one containing seven years of personal information on 1.5 million clients. It waited six months to admit the loss.

Health Net's statement on the most recent loss offered two years of free credit monitoring services to the people whose data it lost.

Sounds like a lot more than just an occasional oversight. Sounds like it's time for someone to send Health Net a message.

Kevin Fogarty writes about enterprise IT for ITworld. Follow him on Twitter @KevinFogarty.
