Mailroom Employee Exposes 3,675 Highmark Members' Data


The Pittsburgh Tribune-Review reports that health insurer Highmark recently began notifying 3,675 of its Medicare Advantage members that their personal and medical information may have been disclosed to others by mistake (h/t Becker's Hospital CIO).

An error by a mailroom employee apparently led to the affected members' risk assessment results being sent to other members on April 19, 2014. The statements included member names, addresses, birthdates, member identification numbers, and some medical information.

Highmark chief privacy officer Lisa Martinelli told the Tribune-Review that some of the forms listed medications being taken by members, scores on mood tests for depression, and scores for frailty tests. Still, she said, "It is unlikely that anyone has done anything with this data."

The mistake was discovered when members contacted Highmark to say they'd received other people's information.

The mailroom employee responsible for the error has been fired, and all affected members' ID numbers have been changed.