
Health Insurer Loses 1.5 Million Patient Records - phsr
http://www.wired.com/threatlevel/2009/11/healthnet/
======
jrockway
_“My investigation will seek to establish what happened and why the company
kept its customers and the state in the dark for so long,” Blumenthal told the
Hartford Business Journal. “The company’s failure to safeguard such sensitive
information and inform consumers of its loss — leaving them naked to identity
theft — may have violated state and federal laws. I will vigorously and
aggressively seek damages, penalties and other appropriate remedies, if
warranted.”_

Excellent. I am glad that this is being taken seriously.

------
bhousel
It would seem that they have violated HIPAA by both losing the data and not
informing anyone about it.

Violations and Penalties here:
http://www.ama-assn.org/ama/pub/physician-resources/solutions-managing-your-practice/coding-billing-insurance/hipaahealth-insurance-portability-accountability-act/hipaa-violations-enforcement.shtml

Note that "The DOJ concluded that the criminal penalties for a violation of
HIPAA are directly applicable to covered entities—including health plans,
health care clearinghouses, health care providers who transmit claims in
electronic form, and Medicare prescription drug card sponsors."

I would think that a data loss like this would likely hit the maximum $1.5m
fine.

