Lost AmeriHealth Mercy Flash Drive Exposes Data of 280,000 Medicaid Members

 
 
By Brian T. Horowitz  |  Posted 2010-10-22 Email Print this article Print
 
 
 
 
 
 
 

The AmeriHealth Mercy insurance company has lost a portable flash drive containing personal information for 280,000 Medicaid recipients.

A portable flash drive missing from the offices of Keystone Mercy Health Plan and AmeriHealth Mercy Health Plan, in Philadelphia, has jeopardized the personal information of 280,000 Medicaid members

An employee for the health plans had stored the personal information for the Medicaid members on an unencrypted hard drive while testing a new hardware product and misplaced the device at the office, Keith Eckert, a spokesperson for The AmeriHealth Mercy Family of Companies, wrote in an e-mail to eWEEK. 

The AmeriHealth Mercy Family of Companies is the largest Medicaid plan organization in the United States, the company reports. 

"Despite an exhaustive search, we have been unable to find the missing drive," Eckert said. "Keystone Mercy and AmeriHealth Mercy are now actively and responsibly executing a multifaceted plan to inform those affected, while also evaluating and enhancing our security measures to ensure this does not happen again. There have been no reports of anyone attempting to use the information stored on the drive."  

AmeriHealth Mercy will send letters to those members affected, Eckert said.

In addition, the company will contact community and advocacy groups, legislators, and health care providers to inform people about the situation. 

On the flash drive were names, addresses, plan ID numbers and some personal health information, AmeriHealth Mercy reports.

The device also held the Social Security numbers of seven members and the last four Social Security digits of 801 others. The same portable device was also used at health fairs, according to The Philadelphia Inquirer. 

The newspaper reportedly learned of the breach before AmeriHealth Mercy publicly disclosed it, the Philadelphia Inquirer reports. 

Meanwhile, AmeriHealth Mercy has instituted changes to its systems since the incident but didn't get into details on what changes have been made. 

The health plan will also launch an employee training program to encourage the protection of members' personal health data. 

In addition, the company has 60 days to report the incident to the Department of Health and Human Services Office for Civil Rights, which enforces the HIPAA privacy regulations

HHS defines a breach as "an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information such that the use or disclosure poses a significant risk of financial, reputational or other harm to the affected individual." 

Keystone Mercy Health Plan serves 300,000 Medicaid members in Southeastern Pennsylvania, which includes Bucks, Chester, Delaware, Montgomery and Philadelphia counties, while AmeriHealth provides health coverage to 100,000 people in 15 counties in Northeastern Pennsylvania and the Lehigh/Capital area.

In another major breach, South Shore Hospital, in South Weymouth, Mass., reported on July 19 that 800,000 personal records were lost instead of destroyed by a data management firm. On Sept. 8 the hospital announced that it had completed its investigation and that the breach resulted in little to no risk of exposure. Files on a lost backup tape could not be accessed, according to the hospital.

 
 
 
 
Brian T. Horowitz is a freelance technology and health writer as well as a copy editor. Brian has worked on the tech beat since 1996 and covered health care IT and rugged mobile computing for eWEEK since 2010. He has contributed to more than 20 publications, including Computer Shopper, Fast Company, FOXNews.com, More, NYSE Magazine, Parents, ScientificAmerican.com, USA Weekend and Womansday.com, as well as other consumer and trade publications. Brian holds a B.A. from Hofstra University in New York.

Follow him on Twitter: @bthorowitz

 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel