
EmblemHealth Agrees to Data Breach Settlement

Posted in HIPAA and the HITECH Act, Litigation, Privacy and Data Protection, Private Insurers, State Matters

New York insurer EmblemHealth has agreed to a $575,000 settlement with the New York Attorney General’s Office over the disclosure of more than 80,000 Social Security numbers (SSNs) through a mailing error. Attorney General Eric T. Schneiderman announced the settlement on March 6.

In 2016, EmblemHealth mailed to policyholders paper copies of their Medicare Prescription Drug Plan Evidence of Coverage in envelopes whose mailing labels inadvertently included the addressee’s SSN. Similar mailings generally use a unique identification number. In addition to violating HIPAA because an SSN is “protected health information” in this context, the mailing violated a New York law prohibiting printing SSNs on envelopes. The mailing was sent to 81,122 insureds, including 55,664 New York residents.

In addition to the $575,000 payment, EmblemHealth has agreed to implement a corrective action plan that includes conducting a comprehensive risk assessment, and reviewing and revising its policies and procedures based on the results of the assessment. The insurer must also improve its procedures for policyholder mailings and ensure that its workforce members are adequately trained. 
