CarePlus Health Plans in Miami, Florida had a privacy breach incident. The protected health information of certain plan members was accidentally disclosed to other health plan members. Apparently, CarePlus mailed the explanation of benefits (EoB) statements to plan members on January 9 and 16, 2018. It came to the attention of CarePlus on January 17 that some of the mailed statements were sent to the wrong persons.
The information included in the EoB statements were names, addresses, service providers, dates of service services provided, CarePlus health plan names and CarePlus identification numbers. There was no financial information or Social Security numbers included in the EoB statements. No report has been received that suggest the misuse of the disclosed information.
CarePlus has already investigated the mismailing incident. The cause of the incident was attributed to several programming and printing errors. Appropriate action has been taken to make sure that the same privacy breach won’t happen again. Members whose PHI had been disclosed were sent notification letters about the accidental breach.
The Department of Health and Human Services’ Office for Civil Rights has not yet published the incident on its data breach portal. But, WFLA already reported the fact that 11,200 plan members were impacted by the incident.
This is not the first time CarePlus Health Plans had a mismailing incident. In September 2015, 1400 CarePlus Health Plans members were impacted by a mailing error. Two EoB statements were received by one person. The correct EoB statement and the statement of another plan member were inserted in one envelope.