ID Numbers of 70,320 Tufts Health Plan Members Exposed

March 7, 2018 James Keogh HIPAA News

Tufts Health Plan had a data breach that exposed the health plan member ID numbers of 70,320 members. The mailing vendor of Tufts Health Plan sent Preferred ID cards to Tufts Medicare Advantage members from December 11, 2017 to January 2, 2018. The envelopes used with the ID cards had plastic windows through which the plan members’ names and addresses were visible. Sorry to say, Tufts Health Plan member ID numbers were also visible. Tufts Health Plan discovered the mailing error on January 18 only.

The Social Security numbers or Medicare numbers of members were not used to create the Tuft Health Plan member IDs. However, it’s possible that someone might misuse the member ID numbers to avail of services covered by the health plan. According to legal experts, the risk of misuse of the plan members’ ID numbers is very low since it’s likely that employees of the postal service will be the only ones to see the member IDs. Tufts Health Plan sent notification to the plan members about the breach and informed them that in case of member ID misuse, they will not pay for the charges. Plan members are encouraged to review their Explanation of Benefits statements and submit a report if they see any services detailed on the statements that they have not availed.

After the incident, the health plan worked closely with the vendor to make sure that a similar mailing error will not happen again. The mailing vendor confirmed that they had fixed the cause of the privacy incident. Thankfully, this privacy breach had limited impact on the patients. Other similar incidents resulted to serious problems just as the case of Aetna’s business associate. A mailing error sent to about 12,000 plan members on July 28, 2017 resulted to the disclosure of the members’ receiving HIV medications. It was not only the postal service people who knew about the information, but also family members and roommates. Aetna had paid $18.15 million in fees and fines because of this data breach.

Another data breach incident of the same nature affected Amida Care in 2017. In this case, the phrase “Your HIV detecta” was visible through the envelope window. Since more than one breach incident had been associated to the use of envelopes with clear plastic windows, stringent checks should be employed to make sure that sensitive information will not be visible through the envelope window.

About James Keogh 144 Articles
James Keogh has been writing about the healthcare sector in the United States for several years. With several years of covering healthcare topics, he has developed expertise in HIPAA-related issues, including compliance, patient privacy, and data breaches. His work is known for its thorough research and accuracy, making complex legal and medical information accessible . James's articles are valuable resources for healthcare professionals and have been featured in reputable publications. You can follow James on Twitter https://x.com/JamesKeoghHIPAA and contact James on LinkedIn https://www.linkedin.com/in/james-keogh-89023681.
Twitter LinkedIn