25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Hawai‘i Medical Service Association Privacy Breach Affects 10,800

Posted By on Feb 3, 2016

Independent Blue Cross Blue Shield licensee Hawai‘i Medical Service Association (HMSA) has started sending breach notification letters to 10,800 members alerting them to a HIPAA Privacy Rule breach that resulted in one member’s medical condition being disclosed to another HMSA member.

The privacy breach was caused by an error made with the mailing of care management letters to members, which resulted in letters being sent to incorrect individuals.

The incorrectly routed care management letters contained the name of an HMSA member along with information to help that individual manage a specific health conduction, such as asthma, diabetes, or health and lung disease.

According to a substitute breach notice placed on the HMSA website, no financial information, membership ID numbers, Social Security numbers, or other sensitive personal information were included in the letters. Individuals affected by the privacy breach do not therefore face a risk of identity theft as a result of the accidental disclosure of PHI.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

As well as notifying affected individuals by mail, HMSA is contacting all recipients of the incorrectly mailed letters to ensure the correspondence is disposed of correctly, if the letters are still in recipients’ possession.

What is peculiar about this mailing error is how long it was allowed to continue before the error was identified. The investigation into the privacy breach revealed that the error first occurred in April 2015 and continued until November 2015. HMSA was not made aware of the mailing error until December 3, 2015.

Individuals who receive an incorrect letter from a healthcare association usually raise the alarm within a few days. A healthcare mailing error resulting in a few individuals receiving incorrect correspondence may not result in any complaints being made to the healthcare organization in question. However, according to the breach report submitted to the Office for Civil Rights, 10,800 individuals received incorrect letters. It is therefore peculiar that it took so long for HMSA to be made aware of the error.

Now that the error has been identified and patients notified, HMSA has taken steps to prevent similar mailing errors from occurring in the future.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist