Misplaced CD Had Social Security Numbers of 18,854 Health Scheme Associates

18,854 health scheme associates have been alerted of a possible breach of their PHI after the loss of a compact disc in the post.

A worker at Aetna Signature Administrators (ASA), a supplier of management and network facilities to group health schemes, posted a compact disc having confidential health scheme associates’ information to a different ASA worker. The compact disc was delivered on September 9; nevertheless, the compact disc was misplaced from the cover.

The compact disc had statements that had been delivered to ASA by health schemes or health plan managers. The statements were used by ASA to assess and choose services and programs for health plan associates.

The statements had the dates of birth of health scheme associates together with their Social Security numbers, and in a few cases, names as well as addresses. People impacted plans by the occurrence were alerted of the possible ePHI breach previous month.

Since Social Security numbers were leaked, ASA has provided all affected people one year of free identity thievery safety facilities through Equifax (Equifax Credit Watch Gold). The facilities are provided as a preventive measure against identity thievery and scam. ASA hasn’t received any reports to indicate the compact disc has been retrieved or used by illegal persons. Neither the U.S. Postal Services nor ASA has found the misplaced compact disc.

This is the second case of this type to be reported in the previous week. The previous week, OptumHealth New Mexico declared that a BA had posted an unencrypted flash drive in the post, however, it didn’t arrive at its destination.

ASA has now decided to cease posting CDs having ePHI and will use other, more safe ways of communication in the time to come. Employees have also been re-educated on handling confidential health plan associates’ information as well as health plans have been ordered not to include associates’ Social Security numbers in reports presented to ASA.