If you live in Arizona and are enrolled in one of the Health Net HMO plans, keep a close eye on your mail! I received a letter from Health Net 3 days ago stating that I’d been disenrolled and that as of Jan 1, 2012 my medical services would no longer be covered by Health Net. Further down it said that if I thought I had not dis-enrolled that I should call them immediately.
Which I did since I had NEVER disenrolled. They’d received notice that I’d enrolled in United Health’s AARP Medicare Advantage plan so had canceled me. I insisted I’d never enrolled with AARP and spent the next 2 days on the phone. Is it just me? Oh no…… who knows how many in Arizona? Neither Health Net nor United Health will say and representatives from both companies told me they don’t plan on making this information public.
Have you received one of these letters from Health Net?
Do you not bother to open your mail for weeks? Are you too busy at Christmas to look through your junk mail? Got the letter but have no idea what it all means? If any of the last three then you know why this is happening right at this time of year.
Don’t get caught unaware. For background information please follow the convoluted trail I’ve trudged since Dec 21, 2011:
In July 2009, United Health Care purchased Health Net of the Northeast.
Sometime in 2009 (March, May and November have all been stated by different agencies) a Health Net disk of unencrypted customer information was stolen while en route from California to Connecticut. Health Net didn’t report the missing disk until November 2009. I have not yet determined who that disk was going to: Health Net Northeast or United Health.
In January of 2010, the Connecticut State Attorney General filed against Health Net of the Northeast, Health Net of Connecticut, United Health Group and Oxford Health Plans for failure to report the lost disk.
In July of 2010 a settlement was reached and Connecticut collected damages. Additionally Health Net agreed to provide affected customers with 2 years of credit monitoring, $1 million of identity theft insurance and reimbursement for cost of security freezes. Health Net also agreed to a ‘corrective action plan’ to comply with HIPAA including among other provisions: Improved identity theft protection; system controls; management and oversight structures.
In 2011, nine Health Net servers of unencrypted information went missing from an IBM facility. Again Health Net did not notify anyone until at least 3 months later. Apparently HIPAA is not working or the puny fines companies are getting are worth whatever benefits they are reaping from unlawful practices.
Now in December 2011, Health Net customers in Arizona are being transferred fraudulently from Health Net to AARP Medicare Advantage without their knowledge or permission. It happened to me and Health Net would not give me any information on how many others were affected. I was told the problem will not be made public and investigation is still ongoing. A supervisor at Heath Net told me that it appears to be happening only in Arizona to those who had any sort of contact for any reason with Secure Horizons in the past 3 years. How the applications were filed depended on who I spoke with: Either by phone, by mail, or online. All are dated Decr 7, 2011 which was the last day of open enrollment.
How could contacting Secure Horizons in the past 3 years have anything to do with fraudulent transfers of Health Net customers to United Health Care’s AARP Medicare Advantage Program? Because Secure Horizons is also owned by… United Health Care. Would United Health really do such a thing? Since they’ve done it before, probably. They were dragged into court in 2007 for doing the same thing in Florida, another state with a large elderly population.
It seems clear to me that either:
1. The missing disk from 2009 is involved since the agreement of the sale of Health Net of the NorthEast to United Health that year allowed United Health, starting in 2012, to offer its Medicare HMO plans (which include AARP Medicare Advantage in Connecticut) to what were Health Net Northwest customers. And here we are in Arizona being switched from Health Net to United Health Care’s AARP Medicare Advantage plan without our knowledge or consent as of January 1, 2012.
2. The recently missing Health Net servers from the IBM facility do affect Arizona though Health Net says they don’t. In 2009 Health Net first said the lost disk would only affect certain customers and then 3-6 months later said it include more customers than first thought.
In any case Arizona customers have gotten the short end of the protection stick. At the very least, Health Net should extend the credit and identity theft protection for Arizona as well. The 2 years free credit monitoring and ID Theft Protection from the 2009 breach ended for me on December 21, 2011. Obviously, 2 years was inadequate. Are we now to pay for it ourselves?
Since Health Net would be liable to pay an additional $1/2 million in fines according to the settlement agreement reached in 2010 if the information on that lost disk was ever used for illegal purposes (eg: the misuse of personal information to file fraudulent application health care applications), I expect to see someone scapegoated for this.
I was told by another person from Health Net that this appears to have been the work of one sales person. I said I wanted the person’s name and other information because I plan on suing them. He said that he would give me that information after the investigation was over. I’m not going to hold my breath. In reality I doubt they can point to one person as the supervisor I last talked with told me the applications were filed online. A sales person would only be responsible if they’d personally signed people up for AARP. Did one salesperson submit hundreds (or more) fraudulent applications online? Did one salesperson process all of the fraudulent online applications? Neither scenario seems likely. Or were they submitted by phone or mail as others first told me?
Where did they get information including my Medicare coverage start date? I don’t even know that without looking at my Medicare card.
Those in Arizona who are too busy to look through their usual mail from Health Net, or who have no idea what the letter means, or can’t spend 12 hours on the phone trying to get it settled will be without medical coverage as of January 1, 2012.
Why are Health Net and United Health refusing to make this public? From past cases, this appears to be ‘business as usual.’
2007, Jul 25: Suit accuses United Healthcare of fraud, says the company enrolled a woman in a Medicare alternative she didn’t want
2009, Jul 20: UnitedHealthcare to Acquire Health Net’s Northeast Licenses and Rights to Renew Membership
2009, Jul 21: United To Acquire Northeast Health Net Assets
2009, Nov 19: 1.5 Million Medical Files At Risk In Health Net Data Breach
2010, Jan 21: Doctors fear privacy sold in HealthNet sale
2010, Feb 1: Conn. medical society sues to block United-Health Net deal
2010, Aug 16: United-Health Net deal survives legal challenge
2010, Jan 13: Health Net, Inc. Connecticut Security Breach Lawsuit Plaintiffs [Health Net and affiliates: Health Net Of The Northeast, Inc., Health Net Of Connecticut, Inc., United Health Group Inc., and Oxford Health Plans, LLC. See ‘Documents’ links at bottom for PDFs of court documents.]
2010, Jul 7: Health Net Settles Breach Suit, Pays $250,000 in Connecticut Case
2011, Mar 14: Health Net Questioned About Second Security Breach In Two Years
2011, Mar 14: Health Net Press Release: Health Net, Inc. Investigating Unaccounted-for Server Drives
2011, Mar 14: Missing Health Net drives contained members, employees, and provider information
2011, Mar 14: CT AG wants Health Net to do more for consumers affected by breach
2011, Mar 14: Yet another Health Net breach raises disturbing questions
2011, Mar 14: HealthNet and HIPAA Again… So, Does HIPAA Work?