Thursday, April 28, 2011

HealthNet Violates HIPAA Again and Again and Again

On March 14, HealthNet notified many subscribers, probably close to several million, that they were affected by the loss of "several hard disk drives" containing names, addresses, Social Security numbers, health information, and financial information. In essence, just about everything anyone could want to know about you to steal your complete identity.

This severe breach of security and violation of HIPAA law occurred on January 21, yet it took until March 14 for HealthNet to mail letters out? Which arrived several days later? Seven weeks? So they allowed their subscribers' identity theft potential to hang out in the wind for seven weeks, while they did nothing but probably try and cover their corporate asses?

Then to make matters worse, what do they do? Give your information to some third party you never even heard of. Debix. Not Equifax, or TransUnion, or Experian. No, to some other outfit that they probably got dirt cheap and then gave all your private information, such as your name, address, birth date, Social Security number and God knows what else to so they can "monitor your credit." Hell, you can do that yourself, and I strongly suggest you put a security freeze on your credit reporting agencies if you are affected by this mess.

How do I know that HealthNet violated privacy regulations yet again?

Because HealthNet "offered" affected subscribers the "choice" whether to use the services offered by Debix or not. Also, to reimburse fees incurred to attach and lift "Security Freezes" on credit reporting agencies to guard against identity theft. However, when requesting a reimbursement, I was first advised I had to go through HealthNet and not Debix. Then that I had to sign up for Debix. When I advised them I didn't want to sign up for Debix, I found HealthNet had already provided all my personal information, including Social Security number, birth date, address, etc., to Debix without my knowledge or permission, whether I "signed up" or not! Another privacy breach by HealthNet!

I strongly suggest you file complaints with the Department of Health and Human Services, Office of Civil Rights because your Health Privacy Rights have been severely violated. The web site is http://hhs.gov/ocr and there you will find the forms to fill out and then either print, sign and mail, or e-mail.

Also contact your State Attorney General and request they file suit as has the Attorney General in Connecticut. Time the States clamp down and protect our privacy as well.

PS: Latest news says that there are 9 server drives missing and unaccounted for. NINE. That's a few more than SEVERAL!!