First HITECH State Settlement

This week we are having a special guest lecturer come in and discuss the Health Information Technology for Economic and Clinical Health (HITECH) Act, HIPAA, and how the Massachusetts encryption regulations are affecting the medical industry.  Ahead of his lecture, I thought I’d share some groundbreaking news about the first HITECH case to be filed, and finished, by a state.

A Connecticut case, which was the  first action by a state attorney general under the HITECH Act to enforce provisions of HIPAA, has resulted in $375,000 fine.  Connecticut Insurance Commissioner Sullivan announced on Nov. 8th that Health Net of Connecticut, Inc. had agreed to pay the fine for failing to safeguard the personal information of its members. The penalties were part of a large settlement agreement.  The agreement also requires Health Net to provide credit monitoring protection for two years to all affected members and providers in Connecticut.

The case was filed as a result of a lost or stolen external hard drive.  The drive contained medical claims and financial information of nearly 1.5 million Health Net customers, including approximately 500,000 Connecticut residents and had “disappeared” in May 2009.

In addition to the HITECH violation, the original complaint also alleges a violation of Connecticut’s breach notification statute.  As you recall from class, forty-six states, the District of Columbia, Puerto Rico, and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information.  You can see the updated list and the links to the state statutes here.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s