- A Florida health plan is dealing with a potential data breach after a mailing error caused some members to receive the personal information of other members.
CarePlus Health Plans announced that on September 18, a machine that was programmed to insert two premium statements per envelope led to some statements to be mailed to the wrong individual, according to a WTSP news report. Just one statement should have been included in each envelope. The information being mailed was related to CarePlus Late Enrollment Penalty Premium Statements that were processed and mailed on September 11.
The news station added that 1,400 individuals received data breach notification from CarePlus. Information potentially compromised includes names, addresses, and CarePlus identification numbers. Social Security numbers were not included in the statements.
CarePlus added that there is no reason to believe that the disclosed information has been used inappropriately, and that is adding extra security measures to ensure quality assurance in the mailroom.
Unfortunately mailroom errors can be a common source of health data breaches. Just last week HealthITSecurity.com reported on an Affinity Health Plan data breach where misprinted letters were sent to the wrong beneficiaries.
“Due to a printing error that we discovered on Friday, August 14, 2015, the back of the letter you received included a renewal reminder in another language that was mistakenly addressed to a different Affinity member,” explained an Affinity Health Plan letter sent to members. “As a result of this error, another Affinity member received a letter mistakenly addressed to you on the back of their August 4, 2015 letter.”
Affinity stated that members received reminder letters for renewing Child Health Plus for their children, but another copy of the letter, addressed to a different member and printed in a different language, was printed on the back.
Information included in the mailing error were children’s names, addresses, and AHP identification numbers. Health information, Social Security numbers, and billing information were not included, according to Affinity.
In a similar incident, Blue Cross and Blue Shield of North Carolina (BCBSNC) reported in September that a printing error discovered on August 14 that some members' billing invoice information was printed on the backs of other members' invoices. Additionally, just 10 days later BCBSNC discovered that some BCBSNC members received payment letters that included incorrect data. A spreadsheet error reportedly led to the wrong information being printed, according to BCBSNC.
Approximately 2,300 individuals were affected by the two incidents, which BCBSNC said it regrets they occurred and any inconvenience they brought to members.