To add to Health Net’s data protection woes, on January 6, it notified the New Hampshire Attorney General’s Office that on September 9, it learned that a report sent electronically to one of its general insurance agents mistakenly contained information belonging to Health Net members who were not clients of that agent. The personal information included names, dates of enrollment, and Medicare Social Security numbers.
The company reports that it immediately recognized its error and contacted the agent, who confirmed that the file was deleted without further dissemination.
The company explains some of the delay in notifying the state and individuals by noting that because Medicare numbers were involved, they needed to obtain permission and approval from the Centers for Medicare and Medicaid Services for notification and remediation proposed; that approval was received on December 17.