Mailing Mistake HIPAA Violation Sees EmblemHealth Penalized $575k

March 14, 2018


A $575,000 settlement with the New York Attorney General has been approved by EmblemHealth after a 2016 posting mistake that saw the Health Insurance Claim Numbers of 81,122 clients written on the outside of covers.

New York Attorney General Eric T. Schneiderman declared the disbursement and stated that the Health Insurance Portability and Accountability Act (HIPAA) needs HIPAA protected units to create administrative, physical, and safety measures to guarantee the privacy of patients’ and plan members’ confidential health data.

An exclusive patient identifier is written on the covers in all mailings, in this specific occurrence, the possibility for damage was substantial because Health Insurance Claim numbers include the Social Security numbers of customers.

EmblemHealth didn’t adhere with “several standards and procedural specifications” that are compulsory according to HIPAA rules. Attorney General Schneiderman also disclosed that having Social Security numbers discernable on the outside of covers breach New York General Business Law § 399-ddd (2) (e).

EmblemHealth is needed to adopt a strong corrective action plan that needs a complete risk analysis to be carried out related to the posting of policy documents, along with the $575,000 payment, The Attorney General’s office should be made conscious of the result of that risk examination evaluation within six months. Policies and procedures that involve mailings should also be continuously studied and refreshed based on the official results of the risk analysis.

EmblemHealth should list, check and monitor mailings and make certain that all members of staff involved in mailings get the correct training. They should also be taught on informing any violations of the HIPAA Least Essential Standard to EmblemHealth officials to permit quick corrective action to be taken manage risks to people. EmblemHealth should also inform all safety occurrences to the Attorney General’s office for a period of 3 years from the payment date.

New York State Attorney General Schneiderman said “weak and obsolete safety rules” which he has tried to address by launching the ‘Stop Hacks and Improve Electronic Data Security (SHIELD) Act’ in November 2017.

There will now be one more attempt to get the SHIELD Act approved. Schneiderman states that the SHIELD Act will improve safety for state inhabitants. Businesses will also be accountable for data breaches that result in customers’ private data being exposed.