NEWARK, N.J. (Legal Newsline) — New Jersey Attorney General Christopher S. Porrino announced Feb. 17 that Horizon Healthcare Services Inc., the state’s largest health care provider, will pay $1.1 million and improve data security practices after allegations of failing to properly protect the privacy of close to 690,000 New Jersey policyholders.
According to Porrino’s office, the company had the personal
information of all these consumers stored on two laptops at its headquarters. These
laptops were stolen.
During the weekend in which the theft occurred, numerous
outside vendors were working in the headquarters and had access to these
laptops. Porrino said the personal information of consumers was not
encrypted, as is required by the federal Health Insurance Portability
Accountability Act, as amended by the Health Information Technology for
Economic and Clinical Health Act (“HIPAA/HITECH”).
“Protecting the personal information
of policyholders must be a top priority of every company. Customers deserve it
and the law demands it,” said Steve Lee, director of the Division of Consumer
Affairs. “Horizon Blue Cross Blue Shield of New Jersey’s alleged security lapses risked exposing policyholders’ most private information to the public, leaving them vulnerable to
identity theft. This settlement ensures that Horizon BCBSNJ will maintain
appropriate data privacy and security protocols to prevent future data
Handling the case for New Jersey were deputy attorneys general
Elliott M. Siebers and Russell M. Smith Jr., and assistant attorneys general
John M. Falzone III and Brian McDonough.