Jenna Susko, Julie Putnam and Jeremy Carroll report:
When Don Thorvund unexpectedly got hurt on the job, he went through the proper channels to get treatment through a workers’ compensation claim. But when he opened the envelope for what he thought was his settlement documents, he found someone else’s worker’s compensation paperwork. The documents included the stranger’s personal information such as her social security number, home address and injury information.
Don had no idea where is own information was sent.
[…]
He called his insurance company, who told him it had hired a third party company to assist with paperwork and that it was the company WorkComp Resolutions that had sent out this envelope.
Don says when he contacted the company, located in Anaheim Hills, he was told interns had stuffed the envelopes that day, but that was all they knew.
Read more on NBC.
So once again, we see medical information involved in breaches that are not covered by HIPAA. I continue to firmly believe that any entity collecting and storing sensitive medical information (e.g., diagnoses, treatment) should be covered by HIPAA’s privacy and security rules.