A missing compact disc containing confidential medical and personal information on 75,000 Empire Blue Cross and Blue Shield members was recovered yesterday, according to Magellan Behavioral Services, a managed care company that monitors payments for mental health and substance abuse cases of insurers.
A spokeswoman for Magellan, Erin S. Sommers, said the company received a telephone call yesterday morning saying that the CD, which had been missing since January, was delivered by mistake to a residence in the Philadelphia area. The recipients contacted a Magellan office in Philadelphia, she said.
Magellan sent two security employees to identify the CD, interview the people who received it and take it to the office. “We have no reason to believe, based on our interviews, that there was any improper access to the evidence,” Ms. Sommers said.
The recipients were assembling a new audio system when they found the Magellan disc among the packages, she said.
The coding and password protection for the information on the CD, which included the names of patients, their doctors, hospitals, Social Security numbers and medical claims going back to 2003, had been removed by the sender, Health Data Management Solutions, a company working for Magellan, she said.
Health Data Management Solutions is a unit of ActiveHealth Management, a data management company owned by the Aetna insurance company. Health Data and Magellan staff members “had agreed to exchange the data in an unencrypted manner,” an ActiveHealth spokeswoman, Oonagh Holt, said.
Both companies said that they were no longer sending patients’ information without coding protection. Failure to provide adequate security protection for individuals’ medical records is prohibited by privacy laws.