Mailing Printing Error Resulted to the Exposure of 3,000 Patients’ PHI

Maximus Inc is a business process management and technology solutions company providing their services to government health and human services agencies. Due to an error in a recent mailing, Maximus Inc is sending notification to more than 3,000 individuals that some of their protected health information was accidentally disclosed to other people.

Business Inc, a business associate of Maximus Inc, prepared and sent the mailing from February 10 to February 13, 2018. Approximately 1,100 families in Texas who joined the Medicaid and the Children’s Health Insurance Program (CHIP) received the mailing.  Maximus discovered the error on February 16, 2018.

The 6-page letter has one mismatched page, which contained information relating to another person. The information included on that one page was limited to names, group numbers, addresses, case numbers and program type. It contained no highly sensitive information like Social Security numbers, dates of birth, financial information or insurance information. Also, the information on the mismatched page cannot be used to gain access to another person’s account. Because of the extremely limited information exposed, there is no need for the impacted persons to take any action to mitigate risk. But out of abundance of caution, Maximus issued notification letters.

Maximus investigated the incident and was assured that the mailing vendor has corrected its printing processes so that similar errors won’t happen in the future. There has been no reports received yet that suggest the misuse of any of the disclosed information. Databreaches.net reports that 3,029 persons had their information impermissibly disclosed because of the printing and mailing error.