Breach of PHI of 19,570 Missouri Care Members Due to Mis-Maiing

Missouri Care made an error in a sending letters to a number of plan members reminding them to schedule well-child visits. Because of the error, the personal data of around 20,000 children was inadvertently exposed to other Missouri Care plan members.

The children’s names and ages including the provider’s names were specified in the mail. There was no medical information or other sensitive data disclosed, hence it is improbable that information will be misused. However as a security measure, the parents and legitimate guardians of impacted children were cautioned to watch for any dubious transactions on their credit card charges and billing statements. They were additionally cautioned not to give any private information in reply to email requests. All persons impacted by the breach were likewise provided complimentary credit monitoring services.

WellCare Health Plans Inc. learned about the mailing problem on July 25, 2018. After that, an investigation was started to find out how the mistake took place and who were affected by the data breach. There were 19,570 letters mailed to various member. It’s uncertain, nonetheless, how many mailings had the incorrect address.

With the HIPAA, the exposed personal information is considered as protected health information (PHI). In case of compromise of such data, notices ought to be sent to all persons impacted by the data breach. Considering that there were more than 500 individuals impacted, it was additionally mandatory to issue a media notification concerning the data breach and to inform the Kansas City Star.

Due to the breach, WellCare Health Plans Inc. examined and updated their policies and procedures concerning mailings to prevent similar incidents from happening again.

This is the second mis-mailing incident in Missouri Care members the past year. One more mailing error took place in August 2017, which resulted in the disclosure of the PHI of 1,223 plan members. In the other incident, a subcontractor was liable for the mailing mistake.

About Christine Garcia 1297 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at