March 15, 2011, 1:15 PM — If the Dept. of Health and Human Services believes in proportional response, executives at California healthcare services provider Health Net can expect someone from Washington to drop in any day to break their kneecaps.
HHS enforces the Health Insurance Portability and Accountability Act, but did it so sloppily that, in 2009, it had to promise to be more aggressive and consistent.
Three weeks ago that meant a fine of $4.3 million for Cignet Health for refusing to give patients access to their records or cooperate with the HHS' attempts to investigate. HHS also fined Massachusetts General Hospital $1 million for, after an employee left patient files on the subway.
Both are pikers compared to Health Net, which yesterday had to admit it had lost nine entire hard drives containing names, addresses, Social Security numbers and a range of other controlled data bits on 1.9 million customers -- most in California and Connecticut.
Health Net blames IBM for losing several drives in its Rancho Cordova, Calif data center.
It's not the first time, either.
In November of 2009 Health Net lost a different hard drive, seven years of personal information on 1.5 million clients. It waited six months to admit the loss.
Health Net's statement on the most recent loss offered two years of free credit monitoring services to the people whose data it lost.
Sounds like a lot more than just an occasional oversight. Sounds like it's time for someone to send Health Net a message.