February 17, 2017

New Jersey announced that the state’s largest healthcare provider, Horizon Healthcare Services, Inc., has agreed to pay $1.1 million and improve data security practices to settle allegations it failed to properly protect the privacy of nearly 690,000 New Jersey policyholders whose personal information was contained on two laptops stolen from the insurer’s Newark headquarters. The insurance giant, which does business as Horizon Blue Cross Blue Shield of New Jersey (“Horizon BCBSNJ”), agreed to the settlement after a Division investigation concluded that the company’s failure to comply with federal healthcare data security standards threatened to expose private information of its members – including their names, addresses, birthdates, insurance identifications and, in some instances, Social Security Numbers and limited clinical data. The State alleges that the policyholder data on the stolen laptops was password protected, but not encrypted, as required under these circumstances by the federal Health Insurance Portability Accountability Act, as amended by the Health Information Technology for Economic and Clinical Health Act (“HIPAA/HITECH”). NJ