Skip Navigation

Connecticut AG First to Settle Case Using New HIPAA Powers

Bookmark and Share

On July 7, 2010, Connecticut Attorney General Richard Blumenthal became the first state attorney general in the US to settle alleged HIPAA violations, under the new authority granted by under the Health Information Technology for Economic and Clinical Health Act (HITECH Act).

This first-ever Attorney General action under the HITECH Act resulted from charges related to the loss of a computer disk drive containing unencrypted health information of health plan participants (approximately one-third of whom resided in Connecticut). The Connecticut AG charges focused upon the fact that the breach was not reported within the prescribed 60 day period.

The settlement included a $250,000 fine as well as a contingency payment of up to $500,000 if it is proven that the information on the lost disk is ever used to the commit a crime.  Attorney General Blumenthal also required two years of credit monitoring, $1 million of identity theft insurance and reimbursement for the costs of security freezes on affect individual accounts.

Read the CT AG’s Release