Christopher Snowbeck reports:
Bloomington-based HealthPartners is sending letters to about 38,000 health plan members regarding a privacy breach that occurred between 2008 and 2010.
The breach involved a HealthPartners employee who wrongly shared information with a family member in order to get help formatting files to prepare quality improvement reports, according to a news release issued Friday by the health insurer.
Files also were improperly copied to multiple devices in order for the employee to work from home. As a result, the insurance company says it has recovered several devices, and continues to look for others, that could contain the data.
Read more on Pioneer Press.
A statement, linked from HealthPartner’s home page, says:
As an administrator of health plans, HealthPartners collects and maintains personal information about our members. We recently learned about an incident that involved some of our health plan members’ personal information.
In addition to notifying affected members by letter, we also are posting this information to our Web site. The following information explains what happened, what it means for those affected, and how you can find answers to any questions you may have.
What happened?
We received a call on January 21, 2014. The call was about a HealthPartners employee who had taken home electronic files with health plan information.
We began an investigation. We learned that this happened between 2008 and 2010. The employee showed the data to a family member to get help with the files. The files were copied to several computers and devices so the employee could work from home.
We believe the employee and the family member meant no harm, but this was wrong. It was against our rules for handling member information. We have recovered several computers and devices involved. We continue attempts to locate any possible others.
We are sorry that this has happened and apologize to those who have been affected.
Was my information in the files and how can I know?
On March 4, 2014, we were able to identify the members whose information was in the files. We have mailed letters to those members to let them know about this mistake.
If you did not receive a letter and still wish to verify whether you were affected or not, please call us at 1-866-316-1495.
What kind of information was involved?
Information that was not in the files:
- Medical records
- Credit card information
- Social security numbers (with one exception, see below)
- Member addresses
- Member telephone numbers
- Email addresses
The files did include member name, date of birth, and health plan member number.
In some cases, the files included gender, provider name and location, and a general description of health care services received, and feedback members gave to us about services they received.
One member’s social security number was in the files. We have already contacted that member directly by telephone.
What is HealthPartners doing for those who were affected?
In the notification letters we have sent to affected members, we are offering them one year of free identity protection provided by First Watch Technologies, Inc. We are asking affected members to call 1-866-316-1495 if they would like to use this service.
We do not believe there is risk for identity or financial theft. The shared information was limited. We do not believe the information was shared with anyone other than the employee’s family member. We also do not believe the information was used for anything other than the employee’s work.
What is HealthPartners doing to make sure this won’t happen again?
We regret this mistake. We promise to use what we have learned to make improvements. We are always working to do more to protect member information. For example, we encrypt all laptops, smart phones, flash drives, and other devices used for company business. This makes data unreadable if it gets into the wrong hands. We will also have more employee training about how to keep member information safe.
Who should I call if I have questions?
We apologize. We want to earn and keep your trust. We know that our members may have questions, so we have set up a special call center. Please call 1-866-316-1495 if you have questions or would like to talk with us more.