'Human error' exposes patients' Social Security numbers

07.02.2006
A "human error" at Blue Cross and Blue Shield of North Carolina allowed the Social Security numbers of more than 600 members to be printed on the mailing labels of envelopes sent to them with information about a new insurance plan.

The mistake affected patients who had applied for a new health savings account insurance plan, said Gayle Tuttle, a spokeswoman for the Chapel Hill, N.C.-based insurer. "The mailing label on a welcome letter that we sent out to 629 people enrolled in one of our individual insurance plans contained an 11-digit tracking number, nine of which were the members' Social Security numbers," Tuttle said. "The release of this information is the result of a regrettable human error."

As part of a broader bid to enhance privacy, Blue Cross has been using a new subscriber number instead of Social Security numbers to identify patients, Tuttle said. Even so, there is still a "linking" that goes on internally between the subscriber IDs and Social Security numbers that may have contributed to the error, she said.

The problem was discovered on Jan. 30, and letters were sent to the affected individuals on Feb. 1 informing them of the breach and instructing them to check for fraudulent activity with the major credit reporting bureaus. "We are taking this very seriously," Tuttle said. "But this affects only a very tiny percentage of our members."

Following the incident, Blue Cross is looking at its internal processes and procedures to see how such mistakes can be avoided in future, Tuttle said.

The incident at Blue Cross is similar to one involving The Boston Globe last week and another case involving tax preparer H&R Block Inc. in Kansas City, Mo.