Data Breaches

Breach Subtotal

Breach Type: all
Organization Type: all
Year(s) of Breach: all
Company or Organization:
Date Made Public:
June 15, 2018
Company: Dean Health Plan
Location: , Wisconsin
Type of breach:
DISC
Type of organization:
MED
Records Breached:
1,311

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
November 11, 2015
Company: Dean Health Plan
Location: , Wisconsin
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
960

A mailing that contained estimate of payment (EOP) documents was damaged in transit from the covered entity’s (CE) business associate (BA), Emdeon, to a bank via United Parcel Services (UPS). On September 25, 2015, the United States Postal Service returned 31 pages of the 148 page mailing to the CE. The breach incident involved the protected health information (PHI) of approximately 960 individuals and included dates of service, member names, health plan member identification numbers, and procedure codes. The CE investigated the breach but was unable to determine who was at fault. The CE provided breach notification to HHS, affected individuals, and the media. Following the breach, the CE worked with the BA to develop and implement procedures to reduce the number of paper documents transmitted. As a result of OCR’s investigation, OCR reviewed copies of the correspondence with the BA and UPS regarding this matter, the BA agreement, and the CE’s HIPAA policies and procedures.

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
CSV