Oops! It seems I missed another Blue Cross Blue Shield mailing error data breach. It’s understandable, I suppose, since there have been a bunch of Blue Cross breaches in the past few months, but thanks to the good folks at ITRC for alerting me to the omission.
Here’s Blue Cross Blue Shield of Florida’s statement about the breach:
JACKSONVILLE, Fla., June 17, 2011 /PRNewswire/ — In April 2011, Blue Cross and Blue Shield of Florida (BCBSF) discovered that, because of a manual error, it had inadvertently mailed some member health statements to incorrect prior addresses. BCBSF fixed the issue immediately. BCBSF has evaluated its processes and made the appropriate changes to prevent this error from reoccurring. Impacted members have been contacted. No social security numbers, date of birth or other financial information were included on the information sent to the incorrect prior addresses.
Less than 3,500 members (out of nearly 4 million members) were impacted by this one mailing. All other mailings of member information were mailed to the current address on file with the company.
BCBSF has established a dedicated customer service line for impacted members to call if they have any questions about this matter or would like to update their address. The toll free number is 877-526-1013.
About Blue Cross and Blue Shield of Florida:
Blue Cross and Blue Shield of Florida is a leader in Florida’s health industry. Since 1944, the company has been dedicated to meeting the diverse needs of all those it serves by offering an array of choices. BCBSF is a not-for-profit, policyholder-owned, tax-paying mutual company. Headquartered in Jacksonville, Fla., BCBSF is an independent licensee of the Blue Cross and Blue Shield Association, an association of independent Blue Cross and Blue Shield companies. For more information concerning BCBSF, please visit its website at www.bcbsfl.com.
SOURCE Blue Cross and Blue Shield of Florida
According to Joe Goedert on Health Data Management:
Information in the documents sent to wrong addresses included member name, insurance number, diagnoses codes and descriptions, procedure code and description, prescription name and provider name. No Social Security numbers, financial information or dates of birth were included. The plan currently is not offering credit or identity theft protection services.
In other mail-related data breaches this year:
- Anthem Blue Cross issued a statement concerning the 37,900 mailings that went out to Medicare Supplement members with their names, addresses, zip codes, and their Social Security Numbers written next to the words “PRIORITY CODE.”
- Blue Cross and Blue Shield of Florida issued a statement apologizing that 7,400 members’ explanation of benefits statements were sent to their old addresses in January.
Hey, wait a minute: isn’t the newest breach from this month exactly the same kind of problem that they had in January? At the time, they wrote:
In late January 2011, Blue Cross and Blue Shield of Florida (BCBSF) discovered that, because of a system error, it had inadvertently mailed some member health information to incorrect addresses. BCBSF regrets that this error occurred. BCBSF fixed the issue the same day it was discovered and current addresses are now in place for all of these members. BCBSF has evaluated its systems and made the appropriate changes to prevent this error from reoccurring.
Oh, I see: the problem in January was a system error. The problem in April was a manual error. Whew – I was afraid that they hadn’t really addressed the problem in January, but if it was a manual error, well, then, this will never happen again…. we hope.
- Also in January, Blue Cross Blue Shield of Michigan apologized to 6,500 members whose personal, but non-medical information was exposed on a third-party vendor’s web site.