Health Net Federal Services Achieves URAC HIPAA Privacy Reaccreditation

Share this article on:

Health Net Federal Services, LLC., has received URAC HIPAA Privacy reaccreditation, assuring current policyholders that their privacy is treated seriously, and HIPAA standards are being met.

URAC – the new name for the former Utilization Review Accreditation Commission – is an independent, non-profit organization that accredits health care organizations, including health plans, in this case on HIPAA standards.

Health Net Federal Services, LLC was awarded full reaccreditation for HIPAA privacy standards, effective from May 1, 2018. Health Net has been accredited with URAC since 2008.

According to URAC President and CEO Kylanne Green, “By applying for and receiving URAC accreditation, Health Net Federal Services has demonstrated a commitment to quality health care,” she went on to say, “Quality health care is crucial to our nation’s welfare and it is important to have organizations that are willing to measure themselves against national standards and undergo rigorous evaluation by an independent accrediting body.”

President of Health Net Federal Services, Billy Maynard, said “Health Net’s commitment and compliance with URAC’s stringent standards demonstrates our desire to ensure clinically sound and efficient health care services are delivered to the beneficiaries we serve.”

Correcting the Mistakes of the Past


Health Net Federal Services, LLC, should be well aware of Health Insurance Portability and Accountability Act Rules. The company is a fully owned subsidiary of Health Net Inc., a name associated with large scale data breaches and data breach fines and settlements.

In 2009, Health Net Inc., suffered a data breach involving the theft of an unencrypted portable hard drive, which exposed the records of 1.5 million policyholders. The company was fined in a groundbreaking case filed by the Connecticut Attorney General, resulting in a settlement of $250,000 for the insurer’s failure to protect data and slow breach response. It took Health Net 6 months to issue breach notification letters to affected policyholders. The Connecticut Insurance Department also fined Health Net; resulting in a $375,000 settlement for “failures to safeguard the personal information of its members from misuse by third parties.”

Health Net Inc., suffered a second major data breach in 2011, then the fourth largest breach of healthcare data ever recorded, and still one of the largest on record. The breach was caused by the loss of several server hard drives, which exposed the data of 1.9 million individuals. That data breach resulted in a settlement with plaintiffs to cover identity theft losses, and also the provision of identity theft protection services for a period of 2 years. The lawsuit also required Health Net to implement a number of changes to policies and procedures to ensure data was properly protected in the future. The company set aside $2 million to pay expenses related to ID theft, and related expenses of up to $50,000 for each individual affected and made unspecified changes to its policies. In 2013, Health Net suffered its third major breach, although much smaller than its previous two breaches. This time 8,331 records were exposed.

Since those data breaches were suffered, Health Net Inc., has made numerous improvements to policies and procedures to keep policyholder data secured, while its subsidiary also clearly appears to have benefited from Health Net’s knowledge, receiving this latest accreditation.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.

Share This Post On