CalOptima recovers discs with personal data on 68,000 members
Discs appear untouched, breach notifications won't go out, spokesman says
October 29, 2009 03:44 PM ETComputerworld - Several missing CDs containing unencrypted personal data on 68,000 members of the CalOptima managed care plan have been traced to a secure postal facility in Atlanta. The discs went missing two weeks ago.
They appear untouched and will be collected by a CalOptima employee later today, a spokesman for the Orange, Calif.-based health plan said.
The discs had been put in a box and sent by certified mail to CalOptima by one of its claims-scanning vendors earlier this month. CalOptima, however, received only the external packaging material -- minus the box of discs. The unencrypted data on the CDs included member names, home addresses, dates of birth, medical procedure codes, diagnosis codes and member ID numbers, along with an unspecified number of Social Security numbers.
It's still unclear how the discs may wound up in a U.S. Postal Services facility in Atlanta, the spokesman said. But the facility appears to have been a secure one designed to store misrouted or lost postal material of a sensitive nature, he said.
Following the discovery of the discs, CalOptima scrapped its plans to send out breach notification letters to the 68,000 affected individuals. The discs were discovered as health plan was negotiating with a credit bureau to offer credit monitoring services for people whose data was missing, the spokesman said.
Until recently, organizations such as CalOptima would not have been required to disclose a data breach involving the loss or compromise of protected health information. But a law that went into effect last month, now requires all health care entities covered by HIPAA to disclose any breaches involving protected health data.
Read more about security in Computerworld's Security Knowledge Center.
Caloptima
Additional Resources



White Papers & Webcasts
Death to PST Files
Download Now
The Tangled Web: Silent Threats & Invisible Enemies
Download Now
Tape Killed the IT Guy
Watch Now
Forrester Consulting Mobility Study: Taking Control of Enterprise Mobile Device Diversity
Download Now
BRM: What You Can Do To Reduce Risk In Challenging Times
Watch this webcast now!
What IT Must Do to Support Employee-Owned BlackBerry, iPhone and Android Mobile Devices
Download Now
Web 2.0, Social Media and the Dark Web - A Web Criminals Paradise?
In this discussion, learn about the challenges of protecting your users from the potentially unsafe content hidden in the "Dark Web".
eGuide: Enterprise Security
Smart Security Strategies for 2010. Read now!
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...

