HIX failed to memoir dozens of breaches, audit finds

A present audit came across that a Connecticut health insurance protection substitute failed to memoir dozens of knowledge breaches between July 2017 and March 2021 to the Auditors of Public Accounts and the Recount Comptroller.

Moreover to, the stated the memoir released this past month, the synthetic did not impart “adequate actions” to fabricate determined client recordsdata security.  

“Breaches of knowledge amplify the client’s threat of identification theft, clinical insurance protection abuse, and financial fraud.

The synthetic incurred charges of two-twelve months security monitoring for purchasers who experienced a breach,” stated the Auditors of Public Accounts memoir.  


As outlined in the memoir, the Connecticut Health Insurance Replace, which does switch as Bag entry to Health CT, used to be created as a narrate-primarily primarily based health insurance protection marketplace in step with the Affordable Care Act.  

Its aim, stated auditors, is to diminish the number of uninsured people in Connecticut. Nevertheless, auditors came across that many of these people’ recordsdata could per chance additionally hold been doubtlessly exposed.  

From July 2017 through March 2021, the synthetic experienced 44 breaches of client recordsdata – including 34 from a single contractor, reported by native retail outlets to be call center dealer Faneuil Inc.  

The ideal 10 breaches stemmed from five diverse entities.  

Though the group relayed the incidents to the Felony professional Unique, it did not procure so that you just need to per chance diverse companies, as required by narrate legislation.  

As noted by Hearst Connecticut Media‘s Mary Katherine Wildeman, the synthetic has experienced primarily the most breaches of any group in the narrate over present years. Bag entry to Health CT representatives did not reply to Healthcare IT News‘ requests for commentary, though spokesperson Kathleen Tallarita instructed Wildeman most of the breaches hold been miniature.  

Nevertheless, as a minimal actually one of many scams affected 1,100 purchasers, stated the memoir.  

“The Replace recognizes the importance of actual info security controls especially given the sensitive nature of knowledge the Health Insurance Replace systems direction of and store,” stated the agency in a commentary integrated in the auditor memoir.   

“The Replace monitors dealer compliance with security requirements and is imposing further protocols to video display compliance and toughen dealer security practices,” it persevered.   

“The Replace requires any dealer inflicting a breach to duvet the value of two-years of security monitoring for purchasers who experienced a breach, and requires vendors to grab adequate liability insurance protection in case of a breach,” it stated.   

“The Replace complies with statutory reporting requirements, and must quiet note further reporting requirements,” added the group.  


Healthcare organizations hold confronted stepped-up enforcement from govt entities in the case of holding health info.  

Staunch this past month, the HHS Location of labor for Civil Rights hit two suppliers with five-digit settlements to tackle doable HIPAA Privateness Rule violations.

And in February, the Recount of Rhode Island Location of labor of the Felony professional Unique issued a civil investigative seek info from to UnitedHealthCare of New England, after a security breach exposed the knowledge of 22,000 people.  


“The Replace is currently working with two third-social gathering vendors to abet with the implementation of a Possibility Administration Framework to provide total visibility and oversight into compliance with info security controls,” reported the Auditors of Public Accounts.

Kat Jercich is senior editor of Healthcare IT News.

Twitter: @kjercich

Email: [email protected]

Healthcare IT News is a HIMSS Media newsletter.

Related Articles

Leave a Reply

Your email address will not be published.

Back to top button