Connextions c/o Anthem BCBS

From November 11, 2011 through October 1, 2012, an employee of the covered entity’s (CE) business associate (BA), Connextions, improperly accessed the protected health information (PHI) of the CE's Medicare members, and the employee may have disclosed their social security numbers to a third party. This breach affected approximately 528 Indiana members. The PHI involved in the breach included demographic information and social security numbers. The CE provided breach notification to HHS, affected individuals, and the media, and posted substitute notice on its website. Following the breach, the BA completed a security risk assessment, phased out the call center where the at-fault employee worked, and engaged in an independent, external audit. OCR reviewed the BA agreement in place between the CE and BA and obtained assurances that the CE and BA implemented corrective actions in this matter. In addition, the involved individual’s employment was terminated.
Location of breached information: Network Server
Business associate present: Yes