Senior Health Partners (SHP), a Healthfirst Company, Provides Notice of Data Security Incident
NEW YORK, Jan. 30, 2015 /PRNewswire/ — Senior Health Partners (SHP), a Healthfirst company, is today notifying approximately 2,700 of its members that a laptop and smartphone belonging to an assessment nurse employed by Premier Home Health (“Premier”), a business associate, were stolen from the nurse’s apartment. SHP and Premier conducted investigations and found no indication that anyone accessed or misused any personal information or protected health information. Nevertheless, SHP is notifying members so that, with SHP’s assistance, they may protect themselves.
On November 26, 2014, a laptop bag containing a laptop and smartphone was stolen from an assessment nurse who worked for Premier. The laptop was password-protected and encrypted; however, the encryption key was stolen with the laptop bag. The smartphone was neither password-protected nor encrypted. Premier notified SHP of the theft on December 10, 2014. SHP subsequently hired forensic experts to confirm what information may have been accessible from these devices and to conduct a full investigation. Without the stolen laptop, the forensic expert could not confirm whether any attempt was made to gain access to information, but did confirm that information for some members was contained in an email that was potentially accessible. The email contents contained the following types of information relating to some members: name; address; Social Security number; Medicaid ID number; date of birth; phone number; medical services rendered; diagnoses; and health insurance claim number. The following additional information was potentially accessible for one individual: Medicaid plan, eligibility, and program information; and Third-Party Administrator information.
Beginning January 30, 2015, SHP mailed letters to affected members. SHP also notified family members and caregivers of the affected members to the extent possible. Notice is also being provided to the U.S. Department of Health and Human Services and to the offices of the New York Attorney General, Department of State, Division of State Police, and Department of Health.
Senior Health Partners sincerely regrets that this incident occurred. It takes the privacy and security of members’ health information very seriously and expects its vendors to do the same. SHP values the trust its members have placed in it as their health plan, and it is SHP’s priority to reassure its members that it is taking steps to ensure its members’ information is protected.
Although there is no report of any attempted or actual misuse of member information, SHP has retained AllClear ID to protect its members’ identities. SHP members who have been affected by this incident will receive access to one year of free identity and credit monitoring and restoration services, along with access to a confidential assistance line and an identity theft protection specialist. SHP is reviewing and updating its policies and procedures, and those of its business associates, to prevent a similar incident from recurring. SHP has advised its members to contact the confidential assistance line or their Care Manager for more information. The confidential inquiry line can be reached between 9am and 9pm EST, Monday through Saturday, at 1-877-615-3780.
To further protect against possible identity theft or other financial loss, individuals are encouraged to remain vigilant, to review account statements, and to monitor credit reports for suspicious activity. Under U.S. law, individuals are entitled to one free credit report annually from each of the three major credit bureaus. To order a free credit report, an individual can visit www.annualcreditreport.com or call, toll free, 1-877-322-8228. Individuals may also contact the three major credit bureaus directly to request a free copy of the relevant credit report.
Individuals are encouraged to regularly review any Explanation of Benefits statement received from insurers for suspicious activity. If an individual does not receive regular Explanation of Benefits statements, he or she can contact his or her insurer and request copies. Individuals may want to order copies of credit reports and to check for any unrecognized medical bills. If an individual finds anything suspicious, he or she can call the credit reporting agency at the phone number on the report. Individuals should keep a copy of notices in case future problems arise. Individuals may also want to request a copy of medical records from providers, to serve as a baseline.
At no charge, an individual can also have these credit bureaus place a “fraud alert” on his or her file that alerts creditors to take additional steps to verify his or her identity prior to granting credit in his or her name. It should be noted, however, that because a fraud alert tells creditors to follow certain procedures, it may also delay an individual’s ability to obtain credit while the agency verifies his or her identity. As soon as one credit bureau confirms an individual’s fraud alert, the others are notified to place fraud alerts on the individual’s file. Should an individual wish to place a fraud alert, or have any questions regarding a credit report, he or she should contact any one of the agencies listed below. Information regarding security freezes is also available from these agencies.
Individuals can further educate themselves regarding identity theft, security freezes, and the steps to take to protect themselves by contacting the Federal Trade Commission (FTC). The FTC can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580; www.ftc.gov/idtheft/; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. The FTC encourages those who discover that their information has been misused to file a complaint with them. Information on how to file such a complaint can be found at the FTC website shown above. Individuals should report known or suspected identity theft or fraud to law enforcement.
Anyone with any additional questions or concerns may contact our confidential inquiry line between 9am and 9pm EST, Monday through Friday, at 1-877-615-3780.
SOURCE Senior Health Partners (SHP), a Healthfirst company
1. Okay, encryption doesn’t help if you conveniently leave the encryption key with the laptop for any thieves.
2. Why wasn’t the smartphone secured? And what was on it?
3. Why did it take two weeks for the business associate to report the breach to SHP? Did their employee report it promptly to them or not?