TRENDING:

State Lawsuit a Sign of Times

Connecticut case may be tip of iceberg Howard Anderson (ismg_editor) • February 1, 2010    
State Lawsuit a Sign of Times
When the Connecticut attorney general recently filed a lawsuit against an insurance company for HIPAA security violations, it was a sign of things to come.

Under the HITECH Act, state attorneys general now can bring a civil action in federal court for violations of healthcare security and privacy rules.

The Connecticut case, filed Jan. 13 against Health Net, likely is the start of a wave of state cases to come, predicts security consultant Kate Borten of the Marblehead (Mass.) Group. "Enabling state attorneys general to enforce the HIPAA rules is a powerful tool," she says.

More complaints ahead?

More consumers are likely to file complaints at the state level rather than attempt to navigate through the federal bureaucracy, she argues. "We'll see many more complaints now, and we'll see states taking a big role in enforcement," she predicts.

Until now, many smaller healthcare organizations, such as clinics, "felt pretty comfortable that they wouldn't be on the radar screen of the federal government" if they were guilty of a security violation, Borten says. Now that states are also involved in enforcement, organizations of all sizes know that they face potential penalties for their actions, she argues.

The case

On Jan. 13, Connecticut Attorney General Richard Blumenthal filed a lawsuit against Health Net of Connecticut Inc. in a case involving the loss of a portable disk drive holding records for about 446,000 enrollees.

The company failed to promptly notify state officials or the individuals affected when the hard drive disappeared from an office in Shelton, Conn., on May 14, 2009, the lawsuit alleges.

The drive contained 28 million scanned, unencrypted pages of documents, such as claims and membership forms, appeals, grievances and medical records. These included names, addresses, bank account numbers and Social Security numbers, according to the lawsuit.

The insurer was acquired by a unit of UnitedHealth Group in December 2009.

Previous
HITECH as a Security Plan Catalyst
Next
HITECH Gives Encryption a Boost

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.



Around the Network

How 2U Inc. Is Fortifying Its Systems and Solutions Designs
How 2U Inc. Is Fortifying Its Systems and Solutions Designs
Are We Doomed? Not If We Focus on Cyber Resilience
Are We Doomed? Not If We Focus on Cyber Resilience
Organization-Wide Passwordless Orchestration
Organization-Wide Passwordless Orchestration
Protecting the Hidden Layer in Neural Networks
Protecting the Hidden Layer in Neural Networks
Craig Box of ARMO on Kubernetes and Complexity
Craig Box of ARMO on Kubernetes and Complexity
Securing the SaaS Layer
Securing the SaaS Layer
The Persisting Risks Posed by Legacy Medical Devices
The Persisting Risks Posed by Legacy Medical Devices
Whistleblowing Brings Visibility to the Role of CISOs
Whistleblowing Brings Visibility to the Role of CISOs
Showing Evidence of 'Recognized Security Practices'
Showing Evidence of 'Recognized Security Practices'
David Derigiotis on the Complex World of Cyber Insurance
David Derigiotis on the Complex World of Cyber Insurance

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.