EmblemHealth to pay NJ 100K for information breach

State officials settled with health insurance provider EmblemHealth Inc. for $100,000 after it improperly disclosed the confidential information of more than 6,000 New Jersey customers, Attorney General Gurbir Grewal announced Monday.State officials settled with health insurance provider EmblemHealth Inc. for $100,000 after it improperly disclosed the confidential information of more than 6,000 New Jersey customers, Attorney General Gurbir Grewal announced Monday.

In October 2016, the nonprofit displayed the Medicare Health Insurance Claim Numbers, which mirror Social Security numbers, of more than 81,000 of its policyholders 6,443 of whom reside in New Jersey on top of its EmblemHealth’s Medicare Part D Prescription Drug Plan’s Evidence of Coverage Letters.

The HICN was shown as a package ID and part of the label affixed to the top of the letters, Grewal said.

When the Division of Consumers Affairs, part of the Office of the Attorney General, investigated EmblemHealth, it found the employee in charge of handling the letters had received minimal training for that job and worked unsupervised, Grewal said.

The employee failed to remove the HICN from the electronic data file before forwarding them to the print vendor, Grewal added. As part of the settlement, EmblemHealth will need to formalize a means for transferring an outgoing employee’s responsibilities to another qualified employee or third party.

“Health insurers entrusted with their customers’ sensitive personal information have a duty to avoid improper disclosures,” Grewal said in a statement. “EmblemHealth fell short of its obligations to its customers in this case, and I am pleased that our settlement includes measures designed to prevent similar breaches at this company in the future.”

EmblemHealth can no longer use HICNs that include Social Security numbers; instead, randomized numerical identifiers will be substituted. Copyright 2018 BridgeTower Media. All Rights Reserved.