Missouri Care Notifies Medicaid Recipients of Subcontractor Breach

Share this article on:

A mailing error by a subcontractor of Missouri Care Inc., has resulted in the protected health information of 1,223 participants being impermissibly disclosed to other individuals. The MO HealthNet-managed care plan was informed of the breach by O’Neil Printing on July 20, 2017. The privacy breach has been attributed to a software programming error.

The error potentially resulted in the names, birth dates, MO HealthNet ID numbers and Missouri Care member ID numbers of Medicaid recipients being mailed to incorrect recipients. The Missouri Department of Social Services has confirmed that Social Security numbers, financial information and medical information were not involved.

O’Neil Printing identified the cause of the error and has since corrected its software to prevent further mis-mailings. The error only affected mailings on July 11 and July 13, 2017.

Missouri Care has been working closely with MO HealthNet to ensure affected individuals were notified promptly. Letters informing participants of the privacy breach were recently sent in the mail, well within the deadline of the HIPAA Breach Notification Rule.

There is no reason to suggest any of the disclosed information has been misused in any way, although out of an abundance of caution, all affected individuals have been offered complimentary credit monitoring services for 12 months, the cost of which will be absorbed by Missouri Care. Further information on measures that can be taken to reduce the risk of identity theft and fraud have also been provided to the privacy breach victims, such as monitoring Explanation of Benefits statements for any sign of fraudulent activity.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.

Share This Post On