19,570 Missouri Care Members’ PHI Exposed in Mailing Error

by | Sep 6, 2018

A mailing mistake that was sent to Missouri Care subscribers reminding them to reserve well-child visits has resulted in the accidental disclosure of the personal data of approximately 20,000 children to other Missouri Care subscribers.

The personal information included in the letters was restricted to children’s names, ages, and the names of their supplier’s. Health information and other sensitive data was not accessed, so the possibility the information to be misused is minimal. However, as a precautionary measure, parents and legal guardians of impacted children have been warned to closely review their credit card bills and account statements for any unusuals activity and told not to reply to any email requests asking for further personal information. Free credit monitoring services have been offered to all people impacted by the breach.

WellCare Health Plans Inc., identified the error on July 25, 2018 and initiated an investigation to deduce how the error happened and the clients that were affected. The mailing had been broadcast to 19,570 individuals, although it is unclear how many of those letters were incorrectly labelled.

The personal information that was exposed is classified as protected health information under HIPAA, and as such, the exposure of the data requires notifications to be issued to all affected people. Since the incident involved over 500 people, a media notice about the breach was also an obligation and was sent to the Kansas City Star.

In the letter which was sent, WellCare Health Plans VP and chief security and privacy officer stated “Missouri Care is deeply committed to protecting our members’ privacy, and we apologize for any inconvenience this incident may have caused.”

WellCare Health Plans Inc., said policies and processes for mailings have been audited and updated to stop similar incidents from occurring going forward.

This is the second incorrect mailing incident to impact Missouri Care members in the past 12 months. A similar mis-mailing incident occurred in August 2017, which led to the accidental disclosure of the PHI of 1,223 plan subscribers. In that instance, the error was made by a subcontractor hired for the mailing.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy