Published on:

First State Attorney General to Take Action against Covered Entity Responsible for Massive HIPAA Violations

Connecticut Attorney General Richard Blumenthal filed suit against Health Net of Connecticut, Inc. for its alleged failure to secure private medical and financial information involving 446,000 Connecticut enrollees.

The Health Information Technology for Economic and Clinical Health (HITECH) Act authorizes state attorneys general to bring actions on behalf of the public in order to enforce HIPAA. The Connecticut Attorney General’s case against Health Net is the first action by a state attorney general brought pursuant to this authority.

The case alleges that Health Net exposed protected health information and other personal information and failed to promptly notify appropriate authorities of the incident. The information had been saved on a portable computer disk drive, but, despite Health Net’s policies and procedures, had not been encrypted. The computer disk, which contained approximately 27.7 million scanned pages of hundreds of different types of documents, had been missing for approximately six months before Health Net took steps to notify the Attorney General and affected individuals.

This enforcement action serves as an important reminder to healthcare providers of the importance of HIPAA compliance. Compliance with these regulations goes beyond establishing policies and procedures, but also requires taking steps to ensure that employees are sufficiently educated and actually comply with them. This includes taking appropriate action in the event of a security breach of protected health information.

For more information on HIPAA compliance, please visit https://www.wachler.com/ or contact a Wachler & Associates attorney at 248-544-0888.