HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Health Net Federal Services Achieves URAC HIPAA Privacy Reaccreditation

Health Net Federal Services, LLC., has received URAC HIPAA Privacy reaccreditation, assuring current policyholders that their privacy is treated seriously, and HIPAA standards are being met.

URAC – the new name for the former Utilization Review Accreditation Commission – is an independent, non-profit organization that accredits health care organizations, including health plans, in this case on HIPAA standards.

Health Net Federal Services, LLC was awarded full reaccreditation for HIPAA privacy standards, effective from May 1, 2018. Health Net has been accredited with URAC since 2008.

According to URAC President and CEO Kylanne Green, “By applying for and receiving URAC accreditation, Health Net Federal Services has demonstrated a commitment to quality health care,” she went on to say, “Quality health care is crucial to our nation’s welfare and it is important to have organizations that are willing to measure themselves against national standards and undergo rigorous evaluation by an independent accrediting body.”

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

President of Health Net Federal Services, Billy Maynard, said “Health Net’s commitment and compliance with URAC’s stringent standards demonstrates our desire to ensure clinically sound and efficient health care services are delivered to the beneficiaries we serve.”

Correcting the Mistakes of the Past


Health Net Federal Services, LLC, should be well aware of Health Insurance Portability and Accountability Act Rules. The company is a fully owned subsidiary of Health Net Inc., a name associated with large scale data breaches and data breach fines and settlements.

In 2009, Health Net Inc., suffered a data breach involving the theft of an unencrypted portable hard drive, which exposed the records of 1.5 million policyholders. The company was fined in a groundbreaking case filed by the Connecticut Attorney General, resulting in a settlement of $250,000 for the insurer’s failure to protect data and slow breach response. It took Health Net 6 months to issue breach notification letters to affected policyholders. The Connecticut Insurance Department also fined Health Net; resulting in a $375,000 settlement for “failures to safeguard the personal information of its members from misuse by third parties.”

Health Net Inc., suffered a second major data breach in 2011, then the fourth largest breach of healthcare data ever recorded, and still one of the largest on record. The breach was caused by the loss of several server hard drives, which exposed the data of 1.9 million individuals. That data breach resulted in a settlement with plaintiffs to cover identity theft losses, and also the provision of identity theft protection services for a period of 2 years. The lawsuit also required Health Net to implement a number of changes to policies and procedures to ensure data was properly protected in the future. The company set aside $2 million to pay expenses related to ID theft, and related expenses of up to $50,000 for each individual affected and made unspecified changes to its policies. In 2013, Health Net suffered its third major breach, although much smaller than its previous two breaches. This time 8,331 records were exposed.

Since those data breaches were suffered, Health Net Inc., has made numerous improvements to policies and procedures to keep policyholder data secured, while its subsidiary also clearly appears to have benefited from Health Net’s knowledge, receiving this latest accreditation.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.