An employee email error at Independent Health has resulted in the PHI of 7,600 health plan members being compromised.
Independent Health, based in Amherst, MA, discovered that employee erroneously emailed documents containing the PHI of 7,600 members to one of its members. As the email recipient was not authorised to access this information, the error constitutes a breach of PHI. The incident took place on March 19, 2019.
The email recipient contacted Independent Health within an hour of receiving the information. Frank Sava, a spokesperson for the company, confirmed that the email and the attached documents had been deleted.
The documents contained plan member information such as ID numbers, providers seen, dates of service, claim numbers, claim payment information, and medical procedure codes. As neither Social Security numbers nor financial information was exposed, the risk of identity theft or fraud is believed to be low.
Despite this low risk, as an act of good faith, Independent Health has offered all affected individuals 12 months of complimentary identity theft protection and credit monitoring services.
“Independent Health’s systems were not compromised in any way,” Sava said. “This disclosure was the result of human error.”
He further stated that employee in question has been subjected to disciplinary procedures in line with company policy.
This incident highlights that while external threats garner a great deal of media attention, internal data breaches also pose a significant threat to the confidentiality and integrity of patient data.