Saturday, November 21, 2009

6 Months to report?!!!

The Chicago Tribune reports that Health Net lost a portable, external hard drive with data on 1.5 million customers dating back to 2002. The loss was reported to the Connecticut Attorney Generals office Wednesday. The drive was lost SIX MONTHS AGO!!!

And they were keeping patient data on a portable hard drive? Apparently unencrypted? If that's not a violation of some type, it should be.

Despite some legitimate concerns about absolute notification, is it any wonder I don't want the hospitals and insurance companies deciding what and when they should report?