Amida Care-a not-for-profit community healthcare service based in New York-has reported a HIPAA breach to the Office of Civil Rights (OCR). Their initial report reveals that the breach has affected nearly 6,250 of its patients. The organisation specializes in providing health coverage and coordinated care to Medicaid members suffering from chronic health conditions. This includes many patients suffering from human immunodeficiency virus (HIV).
On July 25, 2017, Amida Care sent a flyer to the homes of some of its members who had contracted HIV. This flyer advertised the opportunity for the patients to take part in a HIV research project. The double-sided flyers contained details of the HIV research project on one side, and information on an Amida Care Summer Life Celebration event on the other.
The decision had originally been made to send out the flyer in windowless envelopes to protect the identity of those who had contracted HIV. The mailroom had been sent these instructions and were ordered to comply. However, due to fault with the envelope printer, the decision was made to send out the flyer in envelopes with clear plastic windows to ensure that the patients received the information about the study on time.
Care was taken to prevent any sensitive information being visible through the clear plastic windows of the envelopes. A blank sheet of paper was included with the patient’s name and address, which was visible through the window. However, while that should have prevented any information from being viewed, Amida Care discovered that the words “Your HIV detecta” – which were on the printed flyer – may have been visible through the paper, therefore revealing the HIV status of the recepients of the letter.
Amida has informed all patients who received the mailing of the potential disclosure of sensitive information, which was limited to the above words. No other information was visible through the paper. Amida Care has apologised for the error and has told patients steps have been taken to prevent similar incidents from occurring in the future.
This is the second breach of this nature to have been discovered in the past few months. In July, Aetna-another healthcare organisation with many HIV patients-sent a mailing to 12,000 of its members via a third-party firm. While the letters were sent inside sealed envelopes, details about prescribed HIV medications were visible through the plastic windows of the envelopes for some of those patients.