- Molina Healthcare issued PHI data breach notification letters to current or former members explaining that their PHI had been breached for fraudulent purposes. According to a copy of the letter, CVS, the over-the-counter (OTC) vendor for Molina Healthcare, notified the insurer of the health data breach on July 20. Letters were dated September 17.
The health data breach reportedly happened around March 26. According to the letter, a former CVS employee stole patient PHI and downloaded it to his computer. The retailer has strong reason to believe the former employee had malintent and planned to use the information to obtain OTC medications.
The stolen PHI included full name, CVS ID, CVS ExtraCare Health Card number, Rx plan number, Rx plan state, and plan start and end dates.
Molina Healthcare stated in its letter that this health data breach may lead to identity theft, and advises all potentially affected individuals to put a fraud alert on his or her credit file. The health insurer provided individuals with agencies that will help them create a fraud alert, and also obtain a free credit report.
The health insurer also emphasized the importance of carefully inspecting credit reports for any unusual and suspicious activity, which may include: new accounts the individual does not remember opening, requests from creditors the individual did not make, and medical bills the individual does not know about.
It is also important that potentially affected individuals ensure that their personal information stay intact. According to the letter, individuals should keep a careful eye on that to protect themselves from identity theft.
The letter urges individuals to contact the police if there is something wrong with their credit, and that they should file an identity theft report. If there is nothing wrong with their reports, the letter still suggests individuals check their credit reports every three months for the next year.
Molina Healthcare and CVS report that they are working together to remedy the situation. CVS will be replacing ExtraCare Health Cards for affected individuals who are current members of Molina Healthcare and who have not had one replaced within the past year. Molina Healthcare will also be providing individuals with one year of free identity theft protection.
Medical identity theft is a significant concern whenever health data has been breached. As reported by HealthITSecurity.com, the Ponemon Institute found that identity theft due to health data breaches has increased by 21.7 percent in the course of the past year.
Furthermore, those who experience medical identity theft may often fault the care provider. Approximately half of study respondents stated that they felt their PHI was exposed as a result of provider negligence.
As health data breaches become increasingly common, as does the risk of patient identity theft. In order to best protect from this theft, it is important that providers and insurers follow HIPAA guidelines and implement adequate administrative, technical and physical safeguards to ensure PHI remains confidential.