Business
Privacy breaches at Blues plans in Florida, North Carolina
NEWS IN BRIEF — Posted March 13, 2006
BlueCross BlueShield of Florida blames a contractor for the breach of the names and Social Security numbers of 27,000 former and current employees, vendors and other contractors.
The health plan said it discovered the information leak when its computer system alerted it that data had been transferred inappropriately less than a day earlier, a spokeswoman for the plan told the Associated Press.
The Blues plan didn't identify the contractor who e-mailed the data from one of the insurer's databases to his own home computer because of a federal investigation into the matter. The plan is offering one year of free credit monitoring services for those whose data were lost.
Meanwhile, human error was blamed for BlueCross BlueShield of North Carolina printing the Social Security numbers of more than 600 members on the labels of envelopes it had mailed to them with information about a consumer-directed health plan that they had applied for, Computerworld magazine reported.
As part of a broader effort to protect privacy, the health plan has been using a new 11-digit tracking number instead of Social Security numbers to identify patients, but an internal "linking" of the two numbers may have contributed to the error, a plan spokeswoman told Computerworld.
The plan discovered the privacy breach Jan. 30 and notified the affected members Feb. 1, instructing them to check for fraudulent activity by contacting the major credit reporting bureaus. The plan is examining its internal processes and procedures to determine how to avoid making similar mistakes.
Note: This item originally appeared at http://www.ama-assn.org/amednews/2006/03/13/bibf0313.htm.
