Breach Prevention: Empty the Cabinet

Insurer failed to remove paper records when donating furniture
Breach Prevention: Empty the Cabinet
Just when you think you've heard about all the potential ways healthcare information can be breached comes word of an insurance company that forgot to empty a filing cabinet it donated along with other surplus office furniture.

Blue Cross & Blue Shield of Rhode Island reports that paper files containing personal information on about 12,000 of its BlueCHIP for Medicare members were left in the filing cabinet that it donated. The documents contained health surveys from 2001 to 2004 that included members' names, addresses, telephone numbers, Social Security numbers, Medicare ID numbers and self-reported medical information.

When the organization receiving the donated furnishings alerted the insurer that it found documents inside the cabinet, the insurer retrieved the paperwork, launched an investigation and alerted state and federal authorities. It also wrote to the 12,000 affected members, offering them a special hotline as well as free credit monitoring for one year.


Under the HITECH Act's breach notification rule, breaches affecting more than 500 individuals must be reported to federal authorities and the media within 60 days. The Office for Civil Rights within the Department of Health and Human Services regularly updates a list of these breaches.

"Fortunately, thanks to the swift action of the nonprofit in notifying us, we believe there is little chance that member information will be misused," says James Purcell, president and CEO of the BCBS plan.

As a result of the incident, which involved the failure of certain employees to adhere to company policies and procedures, "the responsible employees have been appropriately disciplined, including several who have been terminated," the BCBS plan said in a statement.

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.