An Oregon health insurance exchange (HIE) has had 18 security breaches in the last six months, with the most recent one occurring when documents containing PHI was sent to the wrong patient.
According to the Associated Press, Ann Migliaccio applied for health coverage through Cover Oregon and then received documents in the mail containing the names and birth dates of two other applicants. However, Migliaccio told the news source that the documents did not include Social Security numbers.
“It was pretty shocking,” Migliaccio said. “But with Cover Oregon nothing is shocking anymore. They should be very thankful I’m an honest person and I will not try to use this information.”
In this most recent health data breach, Migliaccio explained she enrolled in Cover Oregon last year. However, as she will soon become eligible for Medicare, she recently made changes on her application. The information she received in error has since been mailed back, but Migliaccio said she is still worried about her own information and that of her husband.
Cover Oregon spokeswoman Ariane Holm said the breach is under investigation and that upon first hearing of the incident last Thursday, the exchange’s security team immediately sent Migliaccio a return envelope to retrieve the information.
“We take the security and privacy or our customers very seriously and have policies and trainings in place to protect personally identifiable information of our consumers,” Holm told the news source, adding Cover Oregon regularly improves procedures.
Officials explained that the information shared in the past Cover Oregon breaches included addresses, names, dates of birth and internal Cover Oregon IDs, but no Social Security numbers.
After Cover Oregon failed in its initial launch attempt last year, three security breaches involving Social Security information have been reported, according to officials. Moreover, the exchange no longer mails the completed documents that include Social Security numbers and other information when applicants need to update their applications. Officials explained Cover Oregon will send the person a letter outlining the problem and a blank application as needed.
Cover Oregon was working with Oracle Corp. in an attempt to create an HIE for the state. After continuously missing deadlines, individuals were required to use a hybrid paper-online application process. Oregon had paid Oracle $134 million in federal funds to build the website, which was eventually scrapped in April for the federal exchange. Oregon was also only state to receive a month-long enrollment extension from the federal government.
Not only was the hybrid process reportedly time consuming, the exchange also is blamed for losing applications, erroneously calculated tax credits, and also mistakenly enrolling a US senator in Medicaid.
Oracle remained adamant that it was not to blame for the failure to launch. According to the technology contractor, Oracle provided “clear and repeated warnings” to the exchange that its website would not be ready to launch last October.
The post Oregon Health Insurance Exchange Suffers 18th Breach appeared first on HealthITSecurity.com.