Data breaches may now have become even more expensive. Under the HITECH Act of 2009, attorneys general can obtain damages against a health care provider on behalf of state residents.
The recent healthcare data breach in Connecticut, that exposed medical information for more than 400,000 individuals is not the first time that confidential personal health records have been exposed. However this is the first time that a state attorney general has used the new provisions of the HITECH Act of 2009 to sue a healthcare provider for HIPAA violations.
In the Connecticut healthcare breach, an external hard drive containing unencrypted medical records went missing from Health Net of Connecticut. Another interesting aspect of this particular data breach story is that the Connecticut Attorney General is seeking not only monetary awards but also seeks a court order forcing Health Net to encrypt all portable electronic devices.
Yet another reminder of the need for encryption to secure data and avoid expensive data breaches.