Senior Health Partners Suffers 2.7K HIPAA Breach

The New York-based insurer, Senior Health Partners, has announced it has suffered a HIPAA breach that potentially affects up to 2,700 members. It is understood that the breach involves healthcare data and the notification warns that PHI has potentially been compromised.

The breach was caused when two mobile devices were stolen from the apartment of a nurse employed by Premier Home Health; a Business Associate of Senior Health Partners. Some healthcare data was accessible via an unencrypted Smartrphone although the majority was encrypted on the laptop. Both devices were stolen from the nurse’s home on Nov 26, 2014.

As a Business Associate of Senior Health Partners, Premier Home Health was required to sign a Business Associate Agreement and take steps to protect any PHI it holds on patients. Safeguards had been implemented including data encryption on mobile devices, which under normal circumstances renders the data unreadable in the event of theft.

The HIPAA breach occurred because the security key needed to unencrypt the data was written in the laptop case, which was also stolen in the break in. This rendered the data protection useless.

In the statement released by SHP, the company says it “is reviewing and updating its policies and procedures, and those of its business associates, to prevent a similar incident from recurring.”

According to the statement, the data potentially accessed by the thieves include names, address, Social Security numbers, Medicaid ID numbers, dates of birth, phone numbers, health insurance claim numbers and medical services rendered and diagnoses received. One individual had further data disclosed and has been notified separately.

A forensic analysis was conducted following the breach, although its results were limited without access to the laptop. It could not be determined whether access to the data was attempted or gained, but there were no signs that this had occurred.

The data was only accessible via an email attachment, which contained information on approximately 2,700 members and breach notification letters have now been dispatched to all concerned.

In an effort to mitigate any damage caused, SHP is offering all affected individuals a year of free credit monitoring and identity protection services, credit restoration services for victims and a dedicated assistance line with access to expert advice.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.