Ooops: Health Net Loses 1.9 Million Patient Data Records

As a reminder that even the best technology still relies on humans not making dumb mistakes, reports that Health Net’s technology partner, IBM, has seemingly lost a few hard drives. Normally not a big deal.

Except that these drives contained patient data records of nearly 1.9 million people. What good is encrypted online transmission when things like this still happen?

Managed health care provider Health Net said this week that “several” server drives managed by IBM had gone missing, putting possibly 1.9 million records containing the personal information of its customer base at risk.

Health Net did not say how many records may be at risk, although the company says it administers records to 6 million individuals. Data including Social Security numbers, names and addresses, and other personal information are at risk.

On Monday, Health Net said that “several” drives had gone missing from a server or servers operated by IBM, its partner, for a data center in Rancho Cordova, Calif. However, the California Department of Managed Health Care said that nine of Health Net’s server drives containing personal information for 1.9 million current and past enrollees nationwide are missing, including records for more than 622,000 enrollees in Health Net products regulated by the DMHC, more than 223,000 enrolled in California Department of Insurance products, and a number enrolled in Medicare.

The article was moot on perhaps the most important question — was patient data encrypted on these drives? The way they were talking about offering 2 years’ free data monitoring services suggests the worse possible scenario, that all of this patient data was being stored unencrypted on these drives.

Hey, I’m all for electronic records. But let’s get the basics right, too — such as proper, secure handling of all the hardware that actually holds all of our virtual bits. And encrypting the data on these kinds of drives seems like Security 101.

Read the full article: Health Net, IBM Lose Drives with Stored Customer Records


Posted in: found on the net





2 Responses to “Ooops: Health Net Loses 1.9 Million Patient Data Records”

  1. > Let’s get the basics right

    On a related note, yesterday’s post on EMR And HIPAA notes the very beginnings of awakening that when erroneous data is in a computer system, it stays there, and if you copy it, the error gets copied too.

    On a related note about the basics, today in a comment on the SPM members listserv I said, “it’s becoming apparent that learning about data quality will be a big hump for many people in healthcare to get over. … We gotta get to work.”

  2. JohnInCalifornia says:

    This is just the tip of the iceberg… it’ll be really interesting in the not-too-distant future when the institutions that aren’t reporting their violations are held accountable for their egregious –and heretofore unreported–privacy violations.

Leave a Reply