Hawai‘i Medical Facility Association Privacy Infringement Affects 10,800

Autonomous Blue Cross Blue Shield license holder Hawai‘i Medical Service Association (HMSA) has begun sending infringement announcement letters to 10,800 members warning them to a privacy infringement that led to one member’s medical disorder being revealed to another HMSA member.

The privacy infringement was triggered by a mistake made with the dispatching of care management letters to members, which led to letters being dispatched to mistaken people.

The mistakenly transmitted care management letters had the name of an HMSA member together with info to assist that person manage a particular health condition, like diabetes, asthma, or health and lung illness.

As per a substitute infringement announcement put on the HMSA website, no Social Security numbers, financial information, membership ID numbers, or other confidential personal info were included in the letters. People affected by the privacy infringement don’t therefore face a danger of identity thievery as a consequence of the unintentional revelation of PHI.

In addition to informing affected people by mail, HMSA is getting in touch with all receivers of the mistakenly mailed letters to make sure the correspondence is disposed of properly if recipients still possess the letters.

What’s strange about this mailing mistake is how long it was permitted to carry on before the mistake was known. The inquiry into the privacy infringement showed that the mistake first happened in April 2015 and persisted until November 2015. HMSA wasn’t made conscious of the mailing mistake until December 3, 2015.

People who get a wrong letter from a healthcare association generally raise the warning within a few days. A healthcare mailing mistake leading to a few people getting wrong correspondence may not lead to any objections being made to the healthcare administration in question. Nevertheless, as per the infringement report submitted to the Office for Civil Rights, 10,800 people got incorrect letters. It’s therefore strange that it took so long for HMSA to be made conscious of the mistake.

Now that the mistake has been known and patients informed, HMSA has taken measures to avoid similar mailing mistakes from occurring in the future.

Link copied to clipboard
Photo of author

Posted by

Mark Wilson

Mark Wilson is a news reporter specializing in information technology cyber security. Mark has contributed to leading publications and spoken at international forums with a focus on cybersecurity threats and the importance of data privacy. Mark is a computer science graduate.