One of California's largest health insurers has agreed to pay a settlement sum for an alleged data breach that compromised the personal health information of 33,756 of its members.
On Monday, California Attorney General Kamala D. Harris announced a settlement with Blue Cross of California – a corporation doing business as Anthem Blue Cross – which agreed to pay the state $150,000 to settle the claim.
The lawsuit, which was filed in Los Angeles Superior Court along with the settlement, alleges that Blue Cross of California printed Social Security numbers on letters mailed to 33,756 of its Medicare Supplement and Medicare Part D subscribers between April 2011 and March 2012. The complaint states that Anthem's conduct violated a state law that restricts the disclosure of Social Security numbers.
"Our office is committed to protecting the privacy of Californians," said Attorney General Harris in a state press release. "This settlement requires the company to make significant improvements to its data security procedures to ensure this type of error does not happen again."
After the incident, Anthem sent a letter to all affected members whose Social Security numbers were visible through the mailed envelope, notifying them of the breach and offering each a year of free credit monitoring services.
The settlement also requires Anthem to implement new technical safeguards for its data management system, to restrict employee access to members' Social Security numbers and to provide enhanced data security training for all of its associates, all of which are required to be enacted within a 90-day period.
To date, some 498 breaches have been reported to the Department of Health and Human Services since the 2009 Breach Notification Rule, which requires HIPAA-covered entities give notification following a data breach involving 500 individuals or more. California is responsible for 59 of those breaches, which have compromised the personal health information of some 3,680,000 individuals.