Private Medical Data Exposed by Blue Cross/Blue Shield Mailing

| No Comments | No TrackBacks

Insurance benefit letters sent to wrong addresses by Blue Cross and Blue Shield reveal claim histories, open door to ID theft.

Georgia's largest health insurer sent an estimated 202,000 benefits letters containing personal and health information to the wrong addresses last week, in a privacy breach that also raised concerns about potential identity theft.

Blue Cross and Blue Shield of Georgia said Monday that the erroneous mailings were primarily Explanation of Benefits (EOB) letters, which include the patient's name and ID number, the name of the medical provider delivering the service, and the amounts charged and owed.

"A small percentage" of letters also contained the patient's Social Security numbers, said Cindy Sanders, a Blue Cross spokeswoman. The EOB forms were mailed to the addresses of other Blue Cross policyholders.

The security breach may be a violation of the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA), which protects patients' medical information. The privacy rules were fully implemented in 2003, but few fines have been assessed under the law, experts said.

While the insurer said it was still determining the number of letters involved, state Insurance Commissioner John Oxendine, whose office is investigating the problem, gave a preliminary estimate of 202,000.

That figure does not equal the number of patients affected, though, because some would have received multiple EOBs if they had visited several medical providers, Oxendine said.

"This is very, very serious," Oxendine said. A person with knowledge of medicine or billing, for example, could determine if the patient was treated for cancer, HIV or fertility problems, he said.

Blue Cross said the mix-up was caused by a change in the computer system that was not properly tested.

"As soon as we became aware of the mailing error, we worked to determine the exact cause, and we have made changes to prevent it from happening again in the future," Sanders said.

Blue Cross has 3.1 million Georgia policyholders.

The error occurred statewide and affected both employer and individual health benefit plans. The company has many state employees and schoolteachers as members, as well as large and small corporate customers. Blue Cross declined to identify large employers that it serves.


Once again, it's not until after a data breaches occur, that those who may be affected by a potential identity theft, are offered free credit report monitoring.

With the continued reports of lost data, hacked information, and the latest reports of growth in ATM skimming, having a plan of action and taking the preventative steps to lessen the odds and impact of an id theft seems more optimal than scrambling around after the fact to clean up the mess. I would prefer to already have safeguards in place if I were to hear my information was compromised -again!

For more info and tips on how to figure out the best way to protect your personal information, search this blog for earlier are a couple to get you started:

Identity Theft: Kids are just as much at risk at you!

Free Credit Monitoring & Credit Score...How Good is it?


Medical identity theft:

Remember, medical id theft won't show up on your credit report. If you find erroneous in in an Explanation of Benefits, bogus medical bills, or receive calls from debt collectors for medical services you didn't have;

•Contact your health provider and your insurer. Most insurers have anti-fraud hot lines staffed by experts who can talk you through what to do. Typically, they will request a new insurance card for you and have a watch put on your old one.

•File a police report if you learn someone has stolen your identity

•Correct erroneous and false information in your file. Sending copies of a police report to insurers, providers and credit bureaus may be a step in cleaning up the problem.

•Take detailed notes. Write down the name and contact information of everyone you speak to.

Where to get help Patient Privacy Rights is a nonprofit organization founded in 2004 by Deborah Peel. The organization is dedicated to ensuring Americans control all access to their health records. This Web site has information on health privacy. The U.S. Department of Health and Human Services has information on medical privacy, including privacy provisions of the federal Health Insurance Portability and Accountability Act. The World Privacy Forum offers tips about what to do if you are a victim and links to other resources.

Enhanced by Zemanta

No TrackBacks

TrackBack URL:

Leave a comment

A memoir exposing the steep price consumers pay when facing mortgage servicing errors, inaccurate credit reporting, illegal debt collection practices, identity theft and weak consumer protection laws. THE BOOK » DENISE'S STORY »