11,200 CarePlus Health Plan Members Notified of PHI Breach

Share this article on:

A privacy incident has been experienced by Miami, FL-based CarePlus Health Plans which has seen certain plan members’ protected health information accidentally disclosed to other plan members.

Explanation of benefits statements were mailed to its plan members on January 9 and January 16, 2018, although on January 17, CarePlus became aware that some of the statements had been sent to incorrect individuals.

The EoB statements included names, addresses, dates of service, providers of services, the services that had been provided, CarePlus identification numbers and CarePlus health plan names. Highly sensitive information such as Social Security numbers and financial information were not detailed on the EoB statements. CarePlus has not received any reports to suggest any of the disclosed information has been misused.

The mismailing incident has been investigated by CarePlus and action has been taken to prevent any similar privacy incidents from occurring in the future. CarePlus says the mismailing incident was due to a series of programming and printing errors. Breach notification letters are now being mailed to all individuals impacted by the breach to advise them about the accidental disclosure of their PHI.

The incident has yet to appear on the Department of Health and Human Services’ Office for Civil Rights data breach portal, although WFLA has reported that incident impacts approximately 11,200 plan members.

This is the second mismailing incident to be reported by CarePlus Health Plans in the past three years. In September 2015, CarePlus announced more than 1,400 of its plan members had been impacted by a mailing incident that saw two EoB statements accidentally inserted into envelopes – The correct EoB statement and the statement of another plan member.

Author: HIPAA Journal

Share This Post On