FROM THE FOUNDATION

Store-and-Forward Teledermatology Facts

Dermatologists can serve many more patients by making use of store-and-forward teledermatology systems. This CHCF paper looks at criteria for evaluating these systems, and gives a comparative overview of four available applications.

Clinics Collaborate on EHR Deployment

EHRs can help California's safety-net clinic patients, and collaboration between clinics can significantly smooth the way to successful adoption. This issue brief looks at the lessons learned by eight clinic networks.

Telepsychiatry in the Emergency Room

Telepsychiatry is used in some emergency departments to make the process of evaluating and treating patients with mental health issues more efficient. This paper examines seven ED telepsychiatry programs.

Privacy and Security

Thursday, November 19, 2009

Health Net Reports Data Breach Affecting 1.5M Members Nationwide

On Wednesday, the insurance company Health Net reported the loss of a portable external hard drive that contained seven years of medical and personal data on about 1.5 million members, the Hartford Courant reports.

The company said it lost the hard drive six months ago.

Data Breach Details

The hard drive contained Social Security numbers, medical records and health data of Health Net members in Arizona, Connecticut, New Jersey and New York (Sturdevant, Hartford Courant, 11/19). The missing data also included bank account information.

Although the information was compressed, it was not encrypted. Health Net officials said the files were formatted as images that cannot be read without special software (Bordonaro, Hartford Business Journal, 11/18).

Health Net said it has no evidence that anyone has misused the missing data (Baruzzi, New Haven Register, 11/19).

Investigations

Connecticut Attorney General Richard Blumenthal (D) and state Insurance Commissioner Thomas Sullivan said they would investigate whether Health Net violated state law by waiting months to report the data breach (Hartford Courant, 11/19).

State law requires organizations to notify consumers and state officials about data breaches "without unreasonable delay" (AP/Boston Globe, 11/18).

The company said it waited to report the incident because it was working to determine what information the hard drive contained (Hartford Courant, 11/19).

The Health Net data breach comes less than a month after Blumenthal announced plans to investigate whether the BlueCross BlueShield Association violated state law by waiting months to inform affected individuals about a stolen laptop that contained information on health care providers (New Haven Register, 11/19).

Health Net Next Steps

Health Net said it plans to send out letters to notify affected customers about the breach.

The company also said it will provide no-cost credit monitoring for more than two years to all affected members. In addition, the company said it would offer assistance to any customer that experienced fraud or identity theft following the data breach (Hartford Courant, 11/19).



Readers are invited to send feedback to: ihb@chcf.org

Click to register for iHealthBeat