Florida Insurance Commissioner Suspends Mirra Health for Medicare Data Transfers to Foreign Companies
The sensitive data of more than 23,000 Florida Medicare members has been impermissibly shared with overseas companies, putting Medicare members’ sensitive health data at risk. The data was shared by Mirra Health, a provider of administrative services to health maintenance organizations (HMOs) in Florida.
Mirra Health had contracts with three HMOs in Florida: Secure Inc, Solis Health Plans Inc., and Ultimate Health Plans Inc. Under those contracts, Mirra Health agreed to provide certain administrative services, including member enrollment, claims adjudication and payment, utilization management, and grievance and appeals processing. Mirra Health engaged four unlicensed companies in India and the Philippines to perform claims processing and other functions and provided those companies with the necessary data to perform those functions.
While Mirra Health may choose to delegate certain functions to subcontractors, sensitive data was shared with unlicensed companies without the knowledge or prior approval of the HMOs or their enrollees. Under the terms of its contracts with the HMOs, prior authorization must be received before passing any data to offshore partners.
An investigation conducted by the Florida Office of Insurance Regulation determined that Mirra Health had engaged in business practices that pose an imminent threat to the public health, safety, and welfare of state residents. Mirra Health was found to have disclosed the sensitive data of 23,119 Florida Medicare Advantage enrollees to those unlicensed companies. The majority of the affected individuals participated in Chronic Condition Special Needs Plans (C-SNPs), Dual Eligible Special Needs Plans (D-SNPs), and Institutional Special Needs Plans (I-SNPs). When the Florida Office of Insurance Regulation requested that Mirra Health produce the contracts it had signed, it failed to produce all contracts with overseas companies, in violation of section 626.884 of the Florida Insurance Code.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
This week, Florida Insurance Commissioner Michael Yaworsky suspended Mirra Health LLC’s certificate of authority. Yaworsky said the company demonstrated it is not competent or trustworthy, as it disclosed sensitive Medicare data to foreign entities that are beyond the regulatory reach of the Office of Insurance Regulation, depriving both the Office and the HMOs of the ability to protect vulnerable state residents.
