Amida Care admits HIPAA breach due to transparent envelope window

New York City insurer joins Aetna and CVS CareMark in suffering HIPAA breach based on these types of envelopes.
Compliance & Legal
By Susan Morse , Executive Editor | October 16, 2017 | 1:33 PM

Another healthcare organization has admitted to the breach of privacy in a mailing of HIV information to members.

Amida Care, a nonprofit health plan based in New York City, sent its members double-sided fliers that notified them about an opportunity to participate in an HIV research project on one side of the flyer. Although the fliers were mailed in a security envelope with an additional blank sheet of paper to shield the contents, Amida Care said it learned on Aug. 2 that the words "Your HIV detecta" may have been visible through the blank sheet of paper, next to the member's name and address. 

This is a HIPAA privacy breach, Amida Care said by a statement, and in a Sept. 25 letter to members.

[Also: Aetna violated HIPAA when envelope windows exposed HIV medication use, attorneys say]

More than 6,000 members were potentially impacted.

The letter did not contain any Social Security numbers, Medicaid ID numbers or other personal identification or financial information, the insurer said. Also, the company said it has no reason to believe that any individual's personal information has been misused as a result of the breach.

[Also: Transparent envelopes lead to class-action lawsuit against Aetna for revealing HIV medication information]

Through an investigation, Amida Care learned that although the mailroom had been told to use non-windowed envelopes to send the flyer, the envelope printer was not working and could not be repaired in time for members to receive event information printed on the other side of the flyer.

The fliers were then mailed in windowed security envelopes with a blank sheet of paper in front of the flyer so that the flyer could not be seen. Unfortunately, certain words on the flyer were still somewhat visible through the envelope windows on some of those mailings, Amida Care said.

[Also: CVS Caremark suffers envelope breach of HIV information as Aetna faces lawsuit for similar issue]

The incident is the third known this year involving transparent envelope windows that revealed a member's connection to HIV and breached HIPAA privacy laws.

In August, Aetna's use of transparent envelope window that allowed HIV information to be visible, led to a class-action lawsuit.

Also in late August, CVS Caremark suffered a breach of HIV information through a transparent window when the pharmacy benefit manager mailed information to about 4,000 members on behalf of Ohio's AIDS Drug Assistance Program.

Twitter: @SusanJMorse
Email the writer: susan.morse@himssmedia.com

Topic:
Compliance & Legal