An error in a Missouri Care mailing reminding parents to book well-child appointments has resulted in the accidental disclosure of almost 20,000 children’s protected health information to other Missouri Care members.
The names and ages of the children as well as their provider’s names were detailed in the letters. There was no health information or sensitive information exposed, thus it is unlikely for misuse of information to occur. However, as a safety precaution, the parents and legal guardians of affected children were advised to be on the lookout for any suspicious activity on their account statements. They were also cautioned about providing any personal information in response to email or telephone requests. All people affected by the breach were also offered free credit monitoring services.
WellCare Health Plans Inc. discovered the mailing error on July 25, 2018. An investigation was launched to determine how the error happened and who was impacted by the breach. It was determined that up to 19,570 individuals may have been affected. AS required under HIPAA Rules, all individuals affected by the breach have been notified by mail and a press release about the breach was also issued to a prominent media outlet in the state, the Kansas City Star.
In response to the data breach, WellCare Health Plans Inc. reviewed and updated its policies and procedures for mailings to prevent any recurrences. This is the second time that Missouri Care members have been affected by a mis-mailing incident in the past year. Another mailing error happened in August 2017, resulting in the exposure of the PHI of 1,223 members. In that instance, a subcontractor was responsible for the mailing error.