Breach Prevention: Empty the CabinetInsurer failed to remove paper records when donating furniture
Blue Cross & Blue Shield of Rhode Island reports that paper files containing personal information on about 12,000 of its BlueCHIP for Medicare members were left in the filing cabinet that it donated. The documents contained health surveys from 2001 to 2004 that included members' names, addresses, telephone numbers, Social Security numbers, Medicare ID numbers and self-reported medical information.
When the organization receiving the donated furnishings alerted the insurer that it found documents inside the cabinet, the insurer retrieved the paperwork, launched an investigation and alerted state and federal authorities. It also wrote to the 12,000 affected members, offering them a special hotline as well as free credit monitoring for one year.
Under the HITECH Act's breach notification rule, breaches affecting more than 500 individuals must be reported to federal authorities and the media within 60 days. The Office for Civil Rights within the Department of Health and Human Services regularly updates a list of these breaches.
"Fortunately, thanks to the swift action of the nonprofit in notifying us, we believe there is little chance that member information will be misused," says James Purcell, president and CEO of the BCBS plan.
As a result of the incident, which involved the failure of certain employees to adhere to company policies and procedures, "the responsible employees have been appropriately disciplined, including several who have been terminated," the BCBS plan said in a statement.