It all goes to show you that even without electronic medical records in place, computers can screw things up. This week, Georgia's largest health insurer has concluded that it sent about 202,000 benefits letters containing both personal and health information to the wrong addresses last week. Blue Cross and Blue Shield of Georgia said the mailings were largely Explanation of Benefits letters, which include the patient's name and ID number, the name of the medical provider that delivered the service and the amounts charged and owed. Not only is the mistake a possible invitation to identity theft, but it could turn out to be a HIPAA violation as well.
The Blue plan, which has 3.1 million Georgia policyholders, said that the error occurred due to a change in one of its computer systems that had not been tested properly. Executives say that they've altered the system so this kind of mistake can't happen again. Meanwhile, the plan--a subsidiary of giant WellPoint--is providing free credit monitoring for affected patients for one year. It's also giving written notice to policyholders whose names were on the EOBs, and compiling a list of those who received other members' EOBs in error.
To learn more about the breach:
- read this Atlanta Journal-Constitution article
Related Articles:
WellPoint data may have been compromised
Seattle health system will pay $100K HIPAA fine
U.S. hospitals have security 'blind spot'
Trend: Identity thieves get better at stealing medical records