Emblem Health Mailing Error Exposes Members’ Social Security Numbers
Emblem Health, one of the largest health plans in the United States, has discovered a printing error has resulted in some members’ Social Security numbers being printed on the outside of envelopes during a recent mailing.
The New York-based health insurer says the privacy breach affects members of its subsidiary company, Group Health Inc. (GHI).
The error was made while mailing Medicare Prescription Drug Plan Evidence of Coverage documents to health plan members. Normally, all mailings include a unique mailing identifier which is printed on the envelope. These ID numbers are randomly generated and are included on the envelopes to help keep track of mailings.
However, for the latest mailing, an error was made that resulted in members Health Insurance Claim Number (HICN) being included in the electronic file that was sent to the health plan’s mailing vendor. That number was then printed on the envelopes instead of the mailing identifier. HICN numbers are formed from members’ 9-digit Social Security numbers.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Affected members therefore had their Social Security numbers printed on the outside of the envelopes along with their name and address. The HICN numbers were listed as a package number on the envelope (PKG#), not as a HCIN number or Social Security number. Even if the envelopes were viewed, it would likely be unclear that the number was the same as members’ Social Security numbers.
However, since SSNs were exposed, Emblem Health is taking no chances and has offered all affected members free enrolment in AllClear’s credit monitoring and identity repair services. Members will also be protected by a $1 million identity theft insurance policy and the services will be available for a period of two years rather than the standard 12 months.
Affected members are now being notified of the breach by mail and have been advised to sign up for the services and ensure that the label from the Evidence of Coverage mailing is removed and disposed of in a secure manner.
Emblem Health will be reviewing its policies and procedures and implementing new controls to ensure that errors of this nature are prevented in the future.