In the past several days Health Net made the news…in ways they would rather not have…
First this on 2/22:
“L.A. says Health Net illegally halts insurance”
“Los Angeles’ city attorney has sued Health Net Inc. – one of California’s largest insurers – accusing the company of unlawful and deceptive business practices for canceling coverage after patients make medical claims”
and
“Delgadillo said he’s also initiating a criminal investigation into Health Net’s practice of awarding employee bonuses for meeting annual goals for policy rescissions. State regulators in November fined Health Net $1 million for lying to investigators about engaging in this practice.”
And then on 2/27:
“103,000 Doctors’ Social Security Numbers Posted on Website by Accident”
From the reports it sounds like Health Net has poor information security practices…a passage from the report…
“Dr. Doug Reding tells us the numbers were posted to a website by a company called Health Net Federal Services based in Rancho Cordova, California. The company is a government contractor that deals with health insurance for military families and veterans. Health Net Federal Services representatives told us Wednesday night the company notified 103-thousand doctors in eleven states that their personal information was openly posted on a company website.
The states involved include Wisconsin, Michigan, Illinois, Indiana, Ohio, Pennsylvania, Tennessee, Iowa, Missouri, Kentucky and West Virginia.
Director of Communications, Molly Tuttle, says the information was accidently posted to the website for about two months, and involved doctors who had filed a claim with the company between September of 2005, and September of 2006.”
Two months out in the open for anyone to see.
Oopsies! Pardon our mess!
Health Net Inc. appears to be the parent company of Health Net Federal Services.
I did a quick search to see if the last of the proverbial trilogy of bad things has happened to Health Net, but it does not appear to have…yet…wonder how good their HIPAA compliance is? Hmm…
Tags: awareness and training, Health Net, HIPAA, Information Security, IT compliance, personally identifiable information, PII, policies and procedures, privacy breach, risk management, security awareness, security training