By Christine Kern, contributing writer
Missing hard drives carry personal and health information of roughly 950,000 clients.
St. Louis-based health insurer Centene Corp. reported it is missing six hard drives containing the personal and health information of approximately 950,000 clients, though the drives do not hold financial or payment details, according to the Associated Press. Centene offers managed Medicaid plans to uninsured or underinsured people.
Information stored on the missing drives included names, addresses, birthdates, Social Security numbers, member identification numbers, and health information for patients receiving laboratory services between 2009 and 2015.
“Out of an abundance of caution and in transparency, we are disclosing an ongoing search for the drives,” CEO Michael Neidorff said in a filing with the Securities and Exchange Commission. “The drives were part of a data project using laboratory results to improve the health outcomes of our members.”
Neidorff said the company does not believe any data from the missing drives has been used inappropriately, but Centene announced that it is notifying affected members and will provide free healthcare and credit monitoring services. Meanwhile, an “ongoing comprehensive internal search” is underway to locate the missing drives, according to a company statement.
The misplaced hard drives come in the wake of controversy over a planned merger in which Centene would purchase health insurance company HealthNet for $6.8 billion, according to California Healthline. In a recent California Department of Insurance hearing, officials raised concerns the merger would drive up consumer prices for health insurance. Centene argues it will improve efficiencies and benefits.
The misplaced drives once again highlight the need for tightened security measures regarding protected client information, both financial and health related. Internal threats and theft or loss of devices is a serious challenge for healthcare security, as these place the healthcare organization in jeopardy of fines and other sanctions under HIPAA and the HITECH act, as highlighted by this history of data breach and security regulations in healthcare from Health IT Outcomes.