Statement mailing errors cause PHI release at Horizon BCBS

Personal information of 170,000 members sent to the wrong individuals over two months.


Horizon Blue Cross Blue Shield has suffered its third breach of protected health information in less than three years.

The most recent incident affecting the insurer, which serves New Jersey, was announced this week, after a business associate put personal health information of as many as 170,000 people insured by Horizon into the wrong hands.

Also See: Flash drive misuse creates a breach for Greenville Health

Horizon said it was notifying affected members after Command Marketing Innovations, a mailing contractor for Horizon, inadvertently sent explanation of benefit and payment statements to the wrong individuals in late October and early November.



Demographic and insurance information was among the data compromised by the mailings, but financial information and Social Security numbers were not released on the computer-generated mailings. Horizon will monitor member accounts for fraudulent activity, according to information about the release on the nj.com news web site.

Neither Horizon nor Command Marketing responded to requests for comment on the release of protected health information.

In November 2013, two unencrypted Horizon laptops holding sensitive information, which included Social Security numbers, were stolen, and the Blues plan offered a year of credit and identity protection services to 839,711 members. In September 2015, unauthorized access of electronic medical data resulted in a breach affecting 1,173 individuals.

More for you

Loading data for hdm_tax_topic #healthcare-equity...