Emblem Health Mailing Error Exposes Members’ Social Security Numbers

Share this article on:

Emblem Health, one of the largest health plans in the United States, has discovered a printing error has resulted in some members’ Social Security numbers being printed on the outside of envelopes during a recent mailing.

The New York-based health insurer says the privacy breach affects members of its subsidiary company, Group Health Inc. (GHI).

The error was made while mailing Medicare Prescription Drug Plan Evidence of Coverage documents to health plan members. Normally, all mailings include a unique mailing identifier which is printed on the envelope. These ID numbers are randomly generated and are included on the envelopes to help keep track of mailings.

However, for the latest mailing, an error was made that resulted in members Health Insurance Claim Number (HICN) being included in the electronic file that was sent to the health plan’s mailing vendor. That number was then printed on the envelopes instead of the mailing identifier. HICN numbers are formed from members’ 9-digit Social Security numbers.

Affected members therefore had their Social Security numbers printed on the outside of the envelopes along with their name and address. The HICN numbers were listed as a package number on the envelope (PKG#), not as a HCIN number or Social Security number. Even if the envelopes were viewed, it would likely be unclear that the number was the same as members’ Social Security numbers.

However, since SSNs were exposed, Emblem Health is taking no chances and has offered all affected members free enrolment in AllClear’s credit monitoring and identity repair services. Members will also be protected by a $1 million identity theft insurance policy and the services will be available for a period of two years rather than the standard 12 months.

Affected members are now being notified of the breach by mail and have been advised to sign up for the services and ensure that the label from the Evidence of Coverage mailing is removed and disposed of in a secure manner.

Emblem Health will be reviewing its policies and procedures and implementing new controls to ensure that errors of this nature are prevented in the future.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.

Share This Post On