As submitted to the California Attorney General’s Office:
On March 23, 2018, the Blue Shield of California (Blue Shield) Privacy Office received confirmation that your Protected Health Information had been shared with an insurance broker who was not authorized to receive it. The disclosure occurred in November 2017, during the 2018 Medicare Annual Enrollment Period, when a Blue Shield employee emailed a document containing your PHI to an insurance broker in violation of Blue Shield policies. We sincerely apologize for this incident and regret any inconvenience it may cause you.
The Protected Health Information (PHI) disclosed included only the following: your name, home address, mailing address, Blue Shield subscriber identification number, telephone number, and the name of the Blue Shield Medicare Advantage plan you were enrolled in at the time.
Blue Shield began its investigation into this matter in mid-January 2018. We believe that the broker who received your PHI may have used it to contact you for purposes of selling you a Medicare Advantage Plan offered by another health insurance company.
Blue Shield has reported this matter to the Centers for Medicare and Medicaid Services (CMS), which oversees the Medicare program. We have taken disciplinary action against the employees who were responsible for sending your PHI to the insurance broker. Our Medicare sales staff is being re-trained on the appropriate use and disclosure of member PHI.
[…]
Read the full notification here.