The information was viewable between April 23 and July 20, according to a notice posted on the payer’s website. Independence immediately took the information down upon discovery. An investigation into the incident was unable to conclude whether PHI was accessed, but Independence said it was unaware of any actual or attempted misuse of the data.
The information included members’ names, dates of birth, diagnosis codes, provider information and other information used for claim processing purposes such as claim numbers, referral numbers and service dates. No Social Security numbers or financial information was compromised.
“We reviewed company policies and procedures and implemented additional technical controls to help prevent future incidents of this kind,” the notice states. “We also ensured that the appropriate action was taken with the employee responsible for uploading the subject file.”
Independence is offering affected members one free credit report annually from each of the three major credit reporting bureaus.
More articles on payers:
5 takeaways on using step therapy to lower Part B drug prices: Health Affairs
61% of hospital leaders say single-payer would help lower healthcare costs
8 recent lawsuits involving payers
