[Dataloss] Medical Data on Empire Blue Cross Members May Be Lost

[Dissent]

http://www.nytimes.com/2007/03/14/business/14insure.html?_r=1&n=Top%2fReference%2fTimes%20Topics%2fSubjects%2fP%2fPrivacy&oref=slogin


WellPoint, one of the nation's largest health insurers, has begun 
notifying 75,000 members of its Empire Blue Cross and Blue Shield 
unit in New York that a compact disc holding their vital medical and 
other personal information had disappeared.

The information was on an unencrypted disc that a subcontractor 
recently sent to Magellan Behavioral Services, a company in Avon, 
Conn., that specializes in monitoring and coordinating mental health 
and substance abuse treatments for insurance companies.

Empire began notifying the affected consumers by mail on Saturday 
that their records ­ including their names, Social Security numbers, 
health plan identification numbers and description of medical 
services back to 2003 ­ had been lost.

The company says it will provide 12 months of free credit monitoring 
by Equifax Credit Watch for any of those health plan members who fear 
that they may fall victim to identity theft.

Before shipping the information to Magellan, the coding and passwords 
that protect the privacy of the information was removed by a Magellan 
subcontractor, Lisa Ann Greiner, an Empire spokeswoman, said yesterday.

Janlori Goldman, the director of the Health Privacy Center, a 
nonprofit organization in Washington, said the error was "an 
egregious breach of privacy." She said that insurance companies were 
responsible under a federal privacy law for ensuring that their 
contractors use adequate security procedures.

Ms. Greiner said that the subcontractor, Health Data Management 
Services, worked for Magellan, not Empire. "If any contract was 
breached, we are going to take direct action," she said.

[...]

--
Main site: http://www.pogowasright.org
Main RSS feed: http://www.pogowasright.org/backend/pogowasright.rss
Breaches RSS feed: http://www.pogowasright.org/backend/breaches.rss