CarePlus Notifies 11,200 Health Plan Members of PHI Breach

by | Feb 7, 2018

Florida-based CarePlus Health Plans has experienced a PHI breach incident which has seen certain plan members’ protected health information disclosed, in error, to other plan subscribers.

A mailing including ‘Explanation of benefits statements (EOB)’ was sent to plan members between January 9 and January 16, 2018, although on January 17, Miami-based CarePlus discovered that a number of the statements had been sent to the wrong people.

The EoB statements listed names, addresses, dates of service, providers of services, the services that had been given, CarePlus identification numbers and CarePlus health plan titles. Highly sensitive data such as Social Security numbers and financial details were not listed on the EoB statements. CarePlus has not been in receipt any reports to suggest any of the disclosed information has been improperly used.

The incorrect mailing incident has been looked into by CarePlus and action has been taken to avoid any similar privacy incidents from being incurred going forward. CarePlus says the incorrect mailing incident was due to a number of programming and printing errors. Breach notification letters are now being broadcast to all people impacted by the breach to make them aware of the accidental sharing of their private health information.

The incorrect mailing incident has not been posted on the Department of Health and Human Services’ Office for Civil Rights (OCR) data breach portal, although WFLA has remarked that incident could have exposed almost 11,200 plan members.

This is the second incorrect mailing incident experienced by CarePlus Health Plans in the past three years. In September 2015, CarePlus revealed more than 1,400 of its plan subscribers had been exposed in an incorrect mailing incident that included two EoB statements accidentally inserted into the wrong envelopes – The correct EoB statement and the statement of another CarePlus plan subscriber.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy