Tucson Citizen Posts Medicare and United Health Care Statements

I see that while I was sleeping the past few days Medicare issued a statement about the United Healthcare / Health Net situation. A post on Tucson Citizen forced United Healthcare to issue a statement as well although I was told in December that they were not going to make the situation public.

For some odd reason, no-one commenting there seems to believe the statements. Perhaps it’s because the statements are unbelievable!

From the Tucson Citizen: Medicare Advantage: Enrollment fraud investigated in Tucson

And yes, I did add a comment there that goes a bit beyond what I posted here in December and includes a word or two about the relationship between Health Net, United Healthcare and OptumInsight (formerly Ingenix) which should interest anyone who still thinks their medical information is private.

My comment included here for the record and for searches:

January 7, 2012 5:21pm:

Ah, once again we see the “Business of Poverty” that Bill Moyers covered so well a few years back.

When I found out this happened to me on Dec 22 I was told by both HealthNet and United Healthcare that they were not going to make this situation public. I called local news stations, emailed a few newspapers and no-one would pick up the story. Since I felt the information was critical and time-sensitive I posted about it on wordpress:

Dec 23: Arizona Health Net Medicare HMO Customers Fraudulently Transferred to United Health’s AARP Medicare HMO as of 12.07.2011

Dec 27: Update on Arizona Health Net / United Health Care Fraudulent Transfer Applications

A short summery of some of what I say below can be found in those posts.

Some agent did this? Hardly likely. No mention that most of the ‘fraudulent applications’ used people’s old addresses. Or that to fill out such an application the “agent” would have to have known the Medicare start date for each individual. I don’t even know what mine is. I’d have to look at my Medicare card.

There is a long trail leading to this instance of Medicare slamming. United Healthcare was caught doing the same thing in Florida (another large elderly and disabled population) in 2007 and it was a major story then:

Florida Lawyer Brings Class Action Against UnitedHealthcare


And then there were the HealthNet disks stolen in 2009 while en route to somewhere during the transition period of United Healthcare’s buy out HealthNet North East.

Perhaps the disks finally showed up. At United Health Care.

And last October, 9 HealthNet servers went missing from the vendor IBM facility. HealthNet states that the thefts don’t affect clients in Arizona and so did not provide ID theft coverage.

And on and on and on.

There is no such thing as personal medical information anymore. If HealthNet didn’t get Arizonan’s info from the disks that went missing in 2009 or the servers that went missing in October 2011 they’d all still have everyone’s info available to them anyway since they all use Ingenix (a “Health Information Exchange”) which is owned by… United HealthCare (Ingenix changed it’s name to OptumInsight after the NY Attorney General sued them and United Healthcare in 2008 for using algorithms that defrauded both doctors and patients):


Please file a formal complaint with the AZ Department of Insurance:


While other states have brought suit against HealthNet, United Healthcare and Ingenix Arizona seems to just let it all go by. Where is the AZ Attorney General?

Arizona Health Net Medicare HMO Customers Fraudulently Transferred to United Health’s AARP Medicare HMO as of 12.07.2011

If you live in Arizona and are enrolled in one of the Health Net HMO plans, keep a close eye on your mail! I received a letter from Health Net 3 days ago stating that I’d been disenrolled and that as of Jan 1, 2012 my medical services would no longer be covered by Health Net. Further down it said that if I thought I had not dis-enrolled that I should call them immediately.

Which I did since I had NEVER disenrolled. They’d received notice that I’d enrolled in United Health’s AARP Medicare Advantage plan so had canceled me. I insisted I’d never enrolled with AARP and spent the next 2 days on the phone. Is it just me? Oh no…… who knows how many in Arizona? Neither Health Net nor United Health will say and representatives from both companies told me they don’t plan on making this information public.

Have you received one of these letters from Health Net?

Health Net Letter 12-2011

Do you not bother to open your mail for weeks? Are you too busy at Christmas to look through your junk mail? Got the letter but have no idea what it all means? If any of the last three then you know why this is happening right at this time of year.

Don’t get caught unaware. For background information please follow the convoluted trail I’ve trudged since Dec 21, 2011:

In July 2009, United Health Care purchased Health Net of the Northeast.

Sometime in 2009 (March, May and November have all been stated by different agencies) a Health Net disk of unencrypted customer information was stolen while en route from California to Connecticut. Health Net didn’t report the missing disk until November 2009. I have not yet determined who that disk was going to: Health Net Northeast or United Health.

In January of 2010, the Connecticut State Attorney General filed against Health Net of the Northeast, Health Net of Connecticut, United Health Group and Oxford Health Plans for failure to report the lost disk.

In July of 2010 a settlement was reached and Connecticut collected damages. Additionally Health Net agreed to provide affected customers with 2 years of credit monitoring, $1 million of identity theft insurance and reimbursement for cost of security freezes. Health Net also agreed to a ‘corrective action plan’ to comply with HIPAA including among other provisions: Improved identity theft protection; system controls; management and oversight structures.

In 2011, nine Health Net servers of unencrypted information went missing from an IBM facility. Again Health Net did not notify anyone until at least 3 months later. Apparently HIPAA is not working or the puny fines companies are getting are worth whatever benefits they are reaping from unlawful practices.

Now in December 2011, Health Net customers in Arizona are being transferred fraudulently from Health Net to AARP Medicare Advantage without their knowledge or permission. It happened to me and Health Net would not give me any information on how many others were affected. I was told the problem will not be made public and investigation is still ongoing. A supervisor at Heath Net told me that it appears to be happening only in Arizona to those who had any sort of contact for any reason with Secure Horizons in the past 3 years. How the applications were filed depended on who I spoke with: Either by phone, by mail, or online. All are dated Decr 7, 2011 which was the last day of open enrollment.

How could contacting Secure Horizons in the past 3 years have anything to do with fraudulent transfers of Health Net customers to United Health Care’s AARP Medicare Advantage Program? Because Secure Horizons is also owned by… United Health Care. Would United Health really do such a thing? Since they’ve done it before, probably. They were dragged into court in 2007 for doing the same thing in Florida, another state with a large elderly population.

It seems clear to me that either:

1. The missing disk from 2009 is involved since the agreement of the sale of Health Net of the NorthEast to United Health that year allowed United Health, starting in 2012, to offer its Medicare HMO plans (which include AARP Medicare Advantage in Connecticut) to what were Health Net Northwest customers. And here we are in Arizona being switched from Health Net to United Health Care’s AARP Medicare Advantage plan without our knowledge or consent as of January 1, 2012.

2. The recently missing Health Net servers from the IBM facility do affect Arizona though Health Net says they don’t. In 2009 Health Net first said the lost disk would only affect certain customers and then 3-6 months later said it include more customers than first thought.

In any case Arizona customers have gotten the short end of the protection stick. At the very least, Health Net should extend the credit and identity theft protection for Arizona as well. The 2 years free credit monitoring and ID Theft Protection from the 2009 breach ended for me on December 21, 2011. Obviously, 2 years was inadequate. Are we now to pay for it ourselves?

Since Health Net would be liable to pay an additional $1/2 million in fines according to the settlement agreement reached in 2010 if the information on that lost disk was ever used for illegal purposes (eg: the misuse of personal information to file fraudulent application health care applications), I expect to see someone scapegoated for this.

I was told by another person from Health Net that this appears to have been the work of one sales person. I said I wanted the person’s name and other information because I plan on suing them. He said that he would give me that information after the investigation was over. I’m not going to hold my breath. In reality I doubt they can point to one person as the supervisor I last talked with told me the applications were filed online. A sales person would only be responsible if they’d personally signed people up for AARP. Did one salesperson submit hundreds (or more) fraudulent applications online? Did one salesperson process all of the fraudulent online applications? Neither scenario seems likely. Or were they submitted by phone or mail as others first told me?

Where did they get information including my Medicare coverage start date? I don’t even know that without looking at my Medicare card.

Those in Arizona who are too busy to look through their usual mail from Health Net, or who have no idea what the letter means, or can’t spend 12 hours on the phone trying to get it settled will be without medical coverage as of January 1, 2012.

Why are Health Net and United Health refusing to make this public? From past cases, this appears to be ‘business as usual.’


2007, Jul 25: Suit accuses United Healthcare of fraud, says the company enrolled a woman in a Medicare alternative she didn’t want

2009, Jul 20: UnitedHealthcare to Acquire Health Net’s Northeast Licenses and Rights to Renew Membership

2009, Jul 21: United To Acquire Northeast Health Net Assets

2009, Nov 19: 1.5 Million Medical Files At Risk In Health Net Data Breach

2010, Jan 21: Doctors fear privacy sold in HealthNet sale

2010, Feb 1: Conn. medical society sues to block United-Health Net deal

2010, Aug 16: United-Health Net deal survives legal challenge

2010, Jan 13: Health Net, Inc. Connecticut Security Breach Lawsuit Plaintiffs [Health Net and affiliates: Health Net Of The Northeast, Inc., Health Net Of Connecticut, Inc., United Health Group Inc., and Oxford Health Plans, LLC. See ‘Documents’ links at bottom for PDFs of court documents.]

2010, Jul 7: Health Net Settles Breach Suit, Pays $250,000 in Connecticut Case

2011, Mar 14: Health Net Questioned About Second Security Breach In Two Years

2011, Mar 14: Health Net Press Release: Health Net, Inc. Investigating Unaccounted-for Server Drives

2011, Mar 14: Missing Health Net drives contained members, employees, and provider information

2011, Mar 14: CT AG wants Health Net to do more for consumers affected by breach

2011, Mar 14: Yet another Health Net breach raises disturbing questions

2011, Mar 14: HealthNet and HIPAA Again… So, Does HIPAA Work?