HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

11,200 CarePlus Health Plan Members Notified of PHI Breach

A privacy incident has been experienced by Miami, FL-based CarePlus Health Plans which has seen certain plan members’ protected health information accidentally disclosed to other plan members.

Explanation of benefits statements were mailed to its plan members on January 9 and January 16, 2018, although on January 17, CarePlus became aware that some of the statements had been sent to incorrect individuals.

The EoB statements included names, addresses, dates of service, providers of services, the services that had been provided, CarePlus identification numbers and CarePlus health plan names. Highly sensitive information such as Social Security numbers and financial information were not detailed on the EoB statements. CarePlus has not received any reports to suggest any of the disclosed information has been misused.

The mismailing incident has been investigated by CarePlus and action has been taken to prevent any similar privacy incidents from occurring in the future. CarePlus says the mismailing incident was due to a series of programming and printing errors. Breach notification letters are now being mailed to all individuals impacted by the breach to advise them about the accidental disclosure of their PHI.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

The incident has yet to appear on the Department of Health and Human Services’ Office for Civil Rights data breach portal, although WFLA has reported that incident impacts approximately 11,200 plan members.

This is the second mismailing incident to be reported by CarePlus Health Plans in the past three years. In September 2015, CarePlus announced more than 1,400 of its plan members had been impacted by a mailing incident that saw two EoB statements accidentally inserted into envelopes – The correct EoB statement and the statement of another plan member.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.