Mail Delivery Truck Stolen: 2400 Inland Empire Health Plan Members’ PHI Exposed

Kaiser Permanente is in the process of notifying 2,400 members of the Inland Empire Health Plan of the theft of Evidence of Coverage handbooks from a mail delivery truck. The names and addresses of plan members were also exposed.

The data, which are classed as Protected Health Information under the Health Insurance Portability and Accountability Act, were stolen from a mail delivery truck at some point between March 12 and March 14, 2016.

In a breach of Kaiser Permanente’s vendor mail delivery policies, the truck containing the handbooks was left unattended in a non-secure area. It would appear that the delivery truck had been left in a parking lot in the city of Santa Clarita, CA., over the weekend.

Thieves gained entry to the vehicle and drove it to an unspecified location where they robbed the vehicle of its contents. The theft was reported to law enforcement in Santa Clarita and the vehicle was subsequently recovered, but not the Evidence of Coverage handbooks. The handbooks were for California Medi-Cal members in Southern California.

Kaiser Permanente does not believe the stolen data could be used for improper activity. The Evidence of Coverage handbooks did not contain any Social Security numbers, dates of birth, financial or account information, health data, medical record numbers, or descriptions of any medical services provided to members. The handbooks only provided a generic overview of health plan benefits.

Kaiser Permanente released a statement saying the incident was investigated and steps are now being taken to reduce the risk of similar privacy breaches from occurring in the future. Affected Inland Empire Health Plan members should receive a notification letter and an apology for the privacy breach in the next few days.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.