25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Data Breach Impacts Almost 14,000 Family Members of Subscribers

Posted By on Mar 30, 2018

The Special Agents Mutual Benefit Association (SAMBA) health plan is alerting almost 14,000 individuals about a February 2018 breach of protected health information.

The breach affects eligible family members of subscribers who were covered by the Federal Employees Health Benefits Plan in 2017.

It is an Internal Revenue Service (IRS) requirement for SAMBA to mail a copy of Form 1095-B to all plan subscribers each tax year. The form supports plan members’ and covered family members’ compliance with the Affordable Care Act’s individual mandate.

The forms for the 2017 tax year were mailed on or soon after February 19, 2018; however, a programming error resulted in the forms being populated with information relating to other subscribers’ family members.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Instead of detailing the subscribers’ family members covered by their health plan, the forms included the names and Social Security numbers of other subscribers’ family members and the dates of health insurance coverage in 2017.  The forms were also incorrectly dated 2016.

SAMBA notes that no subscribers’ Social Security numbers were disclosed. The breach was restricted to subscribers’ family members. An investigation into the error revealed the incorrect mailing affected 13,942 individuals.

The error was detected on February 22, 2018, and a second mailing was sent with the correct tax year and family members’ details on the forms. Notification letters have also been sent to family members impacted by the breach, and subscribers who received an incorrect copy of Form 1095-B have also been notified and instructed to destroy the 2016 version of the form.

SAMBA has not received any reports to suggest the impermissibly disclosed information has been misused in any way; however, as a precaution against identity theft, all affected individuals have been advised to exercise caution and obtain credit reports and check them and their Explanation of Benefits statements carefully for any sign of fraud.

“We are taking steps to prevent any future data incident, and as always will continue to review and improve our processes, policies, and procedures that address data privacy,” said SAMBA’s Executive Director, Walter E. Wilson.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist