Dean Health Plan

A mailing that contained estimate of payment (EOP) documents was damaged in transit from the covered entity’s (CE) business associate (BA), Emdeon, to a bank via United Parcel Services (UPS). On September 25, 2015, the United States Postal Service returned 31 pages of the 148 page mailing to the CE. The breach incident involved the protected health information (PHI) of approximately 960 individuals and included dates of service, member names, health plan member identification numbers, and procedure codes. The CE investigated the breach but was unable to determine who was at fault. The CE provided breach notification to HHS, affected individuals, and the media. Following the breach, the CE worked with the BA to develop and implement procedures to reduce the number of paper documents transmitted. As a result of OCR’s investigation, OCR reviewed copies of the correspondence with the BA and UPS regarding this matter, the BA agreement, and the CE’s HIPAA policies and procedures.
Location of breached information: Paper/Films
Business associate present: No