23,119 Individuals Affected by Mirra Health’s Unauthorized Offshore Disclosure of Medicare Data

Mar 30, 2026

Florida Insurance Commissioner Michael Yaworsky suspended the certificate of authority of Mirra Health LLC after confirming that the company disclosed the sensitive data of more than 23,000 Florida Medicare Advantage enrollees to unlicensed offshore companies without required authorization.

Incident Overview

The Florida Office of Insurance Regulation discovered that Mirra Health LLC shared the data of 23,119 Medicare Advantage enrollees in Florida. The affected individuals were enrolled in the Chronic Condition Special Needs Plans, Dual Eligible Special Needs Plans, and Institutional Special Needs Plans. Mirra Health transmitted the information to four unlicensed companies operating in India and the Philippines.

Mirra Health LLC provides administrative support services to health maintenance organizations in Florida. The company maintained contractual relationships with Secure Inc, Solis Health Plans Inc., and Ultimate Health Plans Inc.

Regulatory Findings

Because Mirra Health LLC used unlicensed subcontractors overseas to process sensitive data without the knowledge or approval of the contracted HMOs, the company violated the terms of its contract with the HMOs. The Florida Office of Insurance Regulation concluded that Mirra Health’s business practices present an imminent danger to the health, safety, and welfare of the affected individuals. During the investigation, regulators requested documentation of contracts between Mirra Health LLC and the offshore companies. However, the requested contracts were not provided, which constituted a violation of the Florida Insurance Code.

Enforcement Action

Commissioner Michael Yaworsky issued an order suspending Mirra Health’s certificate of authority. The transfer of data to foreign entities placed that information outside the regulatory reach of the Florida Office of Insurance Regulation, reducing its ability, and that of the HMOs, to safeguard the data of enrollees.

Compliance Implications

The incident involves the disclosure of PHI to third parties without required authorization and the use of subcontractors outside approved contractual terms. Though not under the jurisdiction of the Florida Office of Insurance Regulation, HIPAA violations by Mirra Health should be addressed as well. HIPAA training of employees is highly recommended to help resolve the compliance issues.


Ryan Coyne

Ryan Coyne is a results-driven leader in the healthcare compliance industry, specializing in regulatory compliance, compliance training, and assisting healthcare organizations and business associates in achieving and maintaining compliance. With a deep knowledge of healthcare regulations and a keen understanding of the challenges faced by the industry, Ryan has developed a reputation as a trusted advisor and advocate for ethical and compliant practices in healthcare. Ryan has successfully advised and guided numerous healthcare organizations, business associates, and healthcare professionals on achieving and maintaining compliance with regulatory training requirements. Ryan's professional focus is using his in-depth expertise and leading a world class team of subject matter experts at ComplianceJunction in regulatory compliance to help organisations navigate the complex landscape of ensuring staff adhere to healthcare regulations.
