The Health Plan of San Mateo (HPSM) in California notified HHS of a breach involving paper records that affected 694 patients. According to a notice prominently linked from the health plan’s home page, a programming error resulted in 700 approval notifications being mailed to the wrong members from April 1 to June 8, 2011:
The notifications were for certain medical procedures that require prior authorization (a service the Plan has to approve before it is provided). Once the Plan approves the service, it sends each member a notification letter, called an Authorization Approval. These notifications are considered Private Health Information (PHI).
Each HPSM Authorization Approval letter contains the member’s name, address, service requested, and HPSM member ID number. An HPSM Authorization Approval letter does not contain the member’s social security number.
HPSM discovered the Authorization Approval letter error on June 9, 2011 and immediately fixed the coding problem. HPSM also notified the appropriate state and federal agencies and alerted affected members.
At this time, HPSM does not have any information that unauthorized activity has taken place with the PHI of affected members, but it will monitor these accounts for suspicious activity, and follow up with members if needed.
If you are an HPSM member and have not received notification that your account was affected, then you are not one of the 700 members who were sent the wrong Authorization Approvals.