Hartford-based CareCentrix, Inc. is a home care network that contracts with health plans to provide home care services for their insured members. In that context, CareCentrix has access to personal and protected health information of those to whom they provide services.
On August 11, law enforcement contacted CareCentrix and informed them that a former employee had been arrested on July 18, and at that time, had been found in possession of PHI of certain individuals. The employee had last worked for CareCentrix on July 10. Not all of the PHI found in the former employee’s possession related to CareCentrix patients, but some of it did, and such information may have included names, dates of birth, social security numbers, health plan insurance numbers, and/or types of home care services, equipment, or supplies.
The former employee had access to that information in the course of their duties in collecting copayments, coinsurance, and deductibles for services. It is not clear from CareCentrix’s notice whether the information had been misused and if so, for what purposes.
On September 18, CareCentrix notified the New Hampshire Attorney General’s Office and provided a template of their notification letter to those affected. The total number of patients affected was not reported.
Those patients who use the CareCentrix patient portal were encouraged to change their login and password. All those affected were offered a year of services with AllClear SECURE and AllClear PRO from AllClear ID.
There is no notice on CareCentrix’s web site as of the time of this posting.