Connecticut AG Opens New Era in HIPAA Enforcement with Health Net Suit: Via Security, Privacy and The Law Published by Foley Hoag LLP.

In the first instance of a state attorney general exercising the new powers granted by the Health Information Technology for Economic and Clinical Health Act ("HITECH Act"), Connecticut Attorney General Richard Blumenthal (and recently announced candidate for the U.S. Senate) filed suit today against Health Net of Connecticut, Inc. for failing to secure private patient medical records and financial information involving 446,000 enrollees in Connecticut and for failing to promptly notify consumers of the security breach. [ Read more ... ]

Health Insurer Loses 1.5 Million Patient Records: Via Threat Level.

A health insurer lost 1.5 million patient records last May but waited six months to disclose the incident.

The data, which was stored on a portable disk drive that disappeared from the insurer’s office, was unencrypted and included patient Social Security numbers, bank account numbers and health data, according to the Hartford Courant. The disk also contained personal information on at least 5,000 physicians.

Health Net discovered the loss in May but never informed patients, law enforcement or government entities, despite data breach laws in some states that require data spillers to notify victims and state officials when residents are affected by a breach. The insurer finally sent a letter to Connecticut’s attorney general and the state’s Department of Insurance this week. [ Read more ... ]

Connecticut Department Of Education Told to Comply With Identity Theft Protection Law - April 2007: "Connecticut Attorney General Richard Blumenthal stated in an investigative report released last week that the state Department of Education (DOE) must take steps to comply with state law to protect employees from identity theft.

The report concerned a security breach within the state's Technical High School System (THSS). Blumenthal's office investigated a complaint that in March 2006 a THSS employee disclosed the social security numbers of over 1,200 teachers in an e-mail sent within the school system.

In an e-mailed notice informing administrators of professional training opportunities for teachers, a THSS employee accidentally included a list of the names and social security numbers of 1,258 teachers. The e-mail was sent to approximately 192 THSS employees.

Although the release was inadvertent and THSS acted quickly to address the situation, Blumenthal said the DOE's use and protection of personal information was inconsistent with state law -- specifically the Personal Data Act. [ Read more ... ]