25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Mailing Error Resulted in Impermissible Disclosure of 19,570 Missouri Care Members’ PHI

Posted By on Aug 30, 2018

An error in a mailing to Missouri Care members reminding them to book well-child visits has resulted in the accidental disclosure of the personal information of almost 20,000 children to other Missouri Care members.

The personal information detailed in the letters was limited to children’s names, ages, and the names of their provider’s. Health information and other sensitive data was not exposed, so the potential for the information to be misused is low. However, out of an abundance of caution, parents and legal guardians of affected children have been advised to monitor their credit card bills and account statements for any suspicious activity and told not to respond to any email requests asking for further personal information. Free credit monitoring services have been offered to all individuals affected by the breach.

WellCare Health Plans Inc., discovered the error on July 25, 2018 and launched an investigation to determine how the error occurred and the individuals that were impacted. The mailing had been sent to 19,570 individuals, although it is unclear how many of those letters were incorrectly addressed.

The personal information that was exposed is classed as protected health information under HIPAA, and as such, the exposure of the information requires notifications to be mailed to all affected individuals. Since the incident involved more than 500 individuals, a media notice about the breach was also warranted and was sent to the Kansas City Star.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

In the letter, WellCare Health Plans VP and chief security and privacy officer said, “Missouri Care is deeply committed to protecting our members’ privacy, and we apologize for any inconvenience this incident may have caused.”

WellCare Health Plans Inc., said policies and procedures for mailings have been reviewed and updated to prevent similar incidents from occurring in the future.

This is the second mis-mailing incident to affect Missouri Care members in the past year. A similar mis-mailing error occurred in August 2017, which resulted in the accidental disclosure of the PHI of 1,223 plan members. In that case, the error was made by a subcontractor used for the mailing.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist