The latest HIPAA breach involves Dean Health Plan, an insurance company based out of Madison, Wisconsin, and affected over 1,300 patients. The breach was reported by Dean Health Plan to the U.S. Department of Health and Human Services Office for Civil Rights on June 15th. The root of the error is in papers and films that were accessed or disclosed without proper authorization. This isn’t the first time the insurance company has been involved in a HIPAA breach either. A similar incident involving 960 patients occurred in 2015 when sensitive documents containing protected health information (PHI) were lost while being mailed to a bank. The PHI includes names, member numbers, and procedure codes.

How might this negatively affect patients in their most recent case? That depends on what type of information was disclosed. If it simply contains names, addresses, phone numbers and the like, chances are they won’t be affected at all. However, if a procedure code or diagnosis is inappropriately leaked it can affect their ability to find a new job should an employer discover an illness they have. It could also mean complications with their insurance providers. Perhaps the scariest of all is an exposed social security number, which can lead to various issues such as identity theft.

What type of repercussions can Dean Health Plan expect? There are numerous penalties that could be issued, but it relies on what information was released, the number of patients involved, and the intent of the organization’s members. We know the exact number of affected patients is 1,311, but the information that was released has not yet been made known. An educated guess would lead anyone who’s following this case to believe they’re looking at a $15,000-$20,000 dent in the bank, but the Office for Civil Rights is known for being harsh when dishing out fines. The company could expect to lose a lot of business from this incident, even more so since it’s their second violation in three years. The loss of business could result from customers or partners losing trust in them. The process for an organization to recover from a HIPAA violation also requires them to assign time and manpower to comply with HHS. Dean Health Plan is looking at a long and expensive road to recovery.

 

References:

U.S. Department of Health and Human Services Office for Civil Rights Breach Portal: Notice to the Secretary of HHS Breach of Unsecured Protected Health Information.” U.S. Department of Health & Human Services – Office for Civil Rights, ocrportal.hhs.gov/ocr/breach/breach_report.jsf.

Documents Lost in the Mail Trigger Breach Impacting 960 Dean Health Plan Members.” Becker’s Hospital Review, www.beckershospitalreview.com/healthcare-information-technology/documents-lost-in-the-mail-trigger-breach-impacting-960-dean-health-plan-members.html.