Printed from BusinessInsurance.com

WellPoint email glitch puts colonoscopy test in the subject line

Posted On: Nov. 13, 2014 12:00 AM CST

(Reuters) — Some WellPoint Inc. customers got a surprise in their inbox this week: emails meant to remind them to get a specific preventative screening such as a colonoscopy or mammogram mistakenly included personal and health information in the subject line.

WellPoint declined to say how many customers received the emails or the cause of the technology issue.

An Anthem BlueCross customer in California sent the email she received to Reuters.

Subject: " - Don't miss out - call your doctor today; PlanState: CA; Segment: SMALL GROUP; Age: Female Young; Language: EN; CervCancer3yr: N; CervCancer5yr: N; Mammogram: N; Colonoscopy: N"

The content of the email went on to include a WellPoint reminder to make appointments for medical checkups, a flu shot and other preventive care services.

WellPoint has about 15 million customers who received benefits in the small group segment across the country out of its 37 million total customers, which includes national accounts, individuals and government paid plans.

Insurers are required by law to protect sensitive medical data and when information for more than 500 people is stolen or accidentally released, companies must disclose the breach and may be fined.

WellPoint spokeswoman Kristin Binns said she did not believe the emails constituted a breach of the Health Insurance Portability and Accountability Act. She said they are working with the vendor, whom she declined to name, who sent the emails on WellPoint's behalf to resolve the issue.

"Preliminarily, we do not believe this is a privacy rule violation," Ms. Binns said in a statement. "It is important to note that neither the email nor the subject line contained detailed member information such as diagnoses, test results or financial information."

WellPoint is listed as a customer on the website of direct marketing firm ExactTarget, a unit of Salesforce.com. A Salesforce spokesperson declined to comment on the glitch.

There have been hundreds of data breaches and email glitches in the health care industry in recent years, including the hacking of national hospital operator Community Health Systems this spring which affected 4.5 million people. Technology experts have warned that the health care industry is at risk because of aging technology.

According to the government-maintained database of HIPAA violations reported by companies, WellPoint had a large breach in November 2009. A year later, the company warned 470,000 people who had applied for health insurance that a security glitch may have exposed their information online.