According to the company, the mistake was quickly rectified and:
“No social security numbers, date of birth or other financial information were included on the information sent to the incorrect prior addresses.”
Blue Cross Blue Shield of Florida is calling the incident a “mailing error.”
This mailing error is actually a breach, according to HealthDataManagement.com.
Even though the mail- outs did not contain social security numbers, date of birth or other financial information, they did contain member name, insurance number, diagnoses codes and descriptions, procedure code and description, prescription name and provider name.
It would seem that a savvy identity thief could use this information to their advantage. Unfortunately for those 3,500 members, Blue Cross Blue Shield of Florida is not currently offering identity theft protection for those members affected by the error.
Remaining Vigilant About Medical Privacy
In the wake of this breach, those 3,500 members, along with the rest of us, should be vigilant against medical identity theft. The Bureau of Consumer Protection’s website gives victims, along with the general public, some solid advice on how to detect and react to medical identity theft.
The website gives several key signs of what a victim of medical identity theft may see in their medical billing. Those signs are:
• Getting a bill for medical services they didn’t receive;
• Being contacted by a debt collector about medical debt they don’t owe;
• Seeing medical collection notices on their credit report that they don’t recognize;
• Being told by their health plan that they’ve reached their limit on benefits; or
• Being denied insurance because their medical records show a condition they don’t have.
Though these signs are serious, there are steps victims can follow an in attempt to rectify the situation.
Understand HIPAA and Protect Your Privacy
The Bureau of Consumer Protection’s website recommends that medical identity theft victims should become familiar with the HIPAA Privacy Rules, contact their medical plan provider, correct the inaccurate or incomplete information, and notify other parties (such as labs or other health care providers) that might have received the incorrect information.
The website also makes the following assertions.
• The HIPAA Privacy Rule gives people the right to copies of their records maintained by covered health plans and medical providers. Patients may ask for copies of their medical and billing records to help identify the impact of the theft, and to review their records for inaccuracies before seeking additional medical care.
• Patients have the right to have their medical and billing records amended or corrected. Patients should be encouraged to write to their health plan or provider to dispute the inaccurate information.
• Patients have the right to an accounting of disclosures from their medical providers and health plans. An accounting of disclosures may help indicate to patients whether there has been an inappropriate release of their medical information.
• Patients have the right to file a complaint if they believe their privacy rights have been violated. For example, it would be a violation if a medical provider refused to provide someone with a copy of his or her own medical record.
In this day and age, when information is just as valuable as cash and jewelry, we cannot rely on the corporations to protect our information.
The Blue Cross Blue Shield of Florida breach is just one example of how corporate information protection precautions can break down, leaving patients at risk.
It is up to patients to be aware of what is in our files, how that information is being used, and who it is receiving our private medical information and whether they actually have the right to that information.Originally published on TopSecretWriters.com