Thursday, November 19, 2009

Hole In The Health Net

Insurer Health Net lost 1.5 million patient records in May and waited six months to disclose the incident. Let's hope your diagnosis and test results come back sooner.

The data, which was stored on a portable disk drive that disappeared from the insurer’s office, was unencrypted and included patient Social Security numbers, bank account numbers and health data. The disk also contained personal information on at least 5,000 physicians. And I don't believe there's a dipshit loss prevention provision in the current health coverage bill.

The company discovered the loss but never informed patients, law enforcement or government entities, despite data breach laws in some states that require data spillers to notify victims and state officials when residents are affected by a breach. The insurer finally sent a letter to Connecticut’s attorney general and the state’s Department of Insurance this week. Health Net claimed it took six months to determine what data was on the missing disk. It said that data on the disk was compressed and stored in an image format that required special software to view, which was available only to Health Net. Gee, a special program is the security feature...yeah, that'll keep the data safe. Hackers could never crack that!

The Connecticut Attorney General vowed to pursue an investigation and legal action against the insurer. About 450,000 of the patients affected by the data loss are residents of Connecticut, which has a breach notification law. Patients in Arizona, New Jersey and New York were also affected.

Don't feel too bad if you're one of those folks - a second health insurer mailed 80,000 postcards to Medicare recipients last week that listed the patient’s Social Security number on the front of the card beneath the patient’s name. Genius! Universal American Action Network, a subsidiary of Universal American Insurance, blamed the company that printed the cards for the error but didn’t explain why the company had the patient Social Security numbers in the first place. The data leak affected patients enrolled in the Medicare Advantage plan, which uses a patient’s Social Security number as his Medicare account number. That's right up there with the birthday PIN number.
