Breach of Protected Health Information
September 29 2017
Amida Care Inc.
14 Penn Plaza, 2nd Floor
New York, NY 10122
Attn: Teri Wade
Notification Regarding Breach of Protected Health Information
On July 25, 2017, a privacy breach of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) occurred involving letters sent to members of Amida Care, Inc. (the “Company”). Specifically, the Company sent its members double-sided fliers that notified members of an event on one side, with information about an opportunity to participate in an HIV research project on the other side of the flyer. Although the fliers were mailed in a security envelope with an additional blank sheet of paper to shield the flyer contents, the Company learned on August 2, 2017 that the words “Your HIV detecta” may have been visible through the blank sheet of paper in the envelope windows of some mailings, next to the member’s name and address. The letter did not contain any Social Security number, Medicaid ID numbers or other personal identification or financial information. The Company has no reason to believe that any individual’s personal information has been misused as a result of this breach.
Upon discovery of this breach, the Company immediately commenced an investigation and took various steps to mitigate potential harm to its members. Through its investigation, the Company confirmed that although the mailroom had been told to use non-windowed envelopes for this flyer, the envelope printer was not working and could not be repaired early enough for members to receive the event flyer on time. The fliers were then mailed in windowed security envelopes with a blank sheet of paper in front of the flyer so that the flyer could not be seen. Unfortunately, certain words on the flyer were still somewhat visible through the envelope windows on some of those mailings.
As part of its mitigation actions, the Company has sent letters to the individuals who received the fliers to notify them of the circumstances surrounding the incident. The Company takes the protection and security of member information very seriously and will continue to take steps to reinforce strong safeguards to prevent anything like this from happening again. It is developing a new protocol and quality control process to which it will train all mailroom and other individuals involved in member mailings. The Company deeply regrets this incident and has urged individuals with questions to contact it by calling 1-800-556-0689.
Click here to see the full text of the letter to members in English and Spanish.