HIPAA Substitute Notice
This notice is from Mass General Brigham Health Plan (“MGBHP”) to provide notification of an incident we recently became aware of that may have involved some individuals’ personal information.
What Happened?
On April 2, 2024, MGBHP discovered that the personal information of some of its members may have been accessible to unauthorized individuals unrelated to MGBHP. MGBHP immediately conducted an investigation into this incident.
MGBHP completed its investigation on May 28, 2024. The investigation determined that one of MGBHP’s employees may have allowed an unauthorized person to do some of the employee’s job duties and see some of its members’ personal information between July 31, 2023 and April 2, 2024. This violated MGBHP’s employment and privacy policies and was done without the knowledge or consent of MGBHP. As a result, the employee was immediately terminated.
What Information Was Involved?
The information involved may have included name, address, medical record number, date of birth, email address, phone number, Social Security number, and health insurance policy number. The clinical information involved may have included information about prior authorizations, claims and diagnosis. This incident did not involve bank account number or credit card number for any MGBHP member.
What We Are Doing
Protecting the privacy and security of its members is a top priority for MGBHP. MGBHP has taken several steps to help prevent incidents like this from occurring in the future. Upon discovery, MGBHP also immediately terminated the employee involved in the incident.
In addition, MGBHP continues to monitor and improve the safeguards it has in place to protect its members’ information. This includes enhancing its employee training and processes for the organization’s security alert system.
MGBHP also is offering 24 months of free credit monitoring and other services through IDX to those individuals whose information was involved. More information about IDX services is provided below.
What You Can Do
In addition to enrolling in credit monitoring, below is a list of various steps that individuals can take to protect their personal information.
For More Information
We sincerely regret that this incident occurred. Individuals who have any questions or would like further information about this matter can contact our dedicated privacy call center toll free at 1-888-268-7164 during the hours of 8:00 a.m. to 9:00 p.m. Eastern Time, Monday through Friday except U.S. holidays.
Reference Guide
Review Your Account Statements. Carefully review statements sent to you from healthcare providers as well as from your insurance company to ensure that all of your account activity is valid. Carefully review your bank, credit card, and other account statements every month to ensure that your account activity is valid. Report any questionable charges promptly to the provider or company with which you maintain the account.
Provide Any Updated Personal Information to Your Health Care Provider. Your health care provider’s office will ask to see a photo ID to verify your identity. Please bring a photo ID with you to every appointment if possible. Your provider’s office will also ask you to confirm your date of birth, address, telephone, and other pertinent information so that we can make sure that all of your information is up to date. Please be sure and tell your provider’s office when there are any changes to your information. Carefully reviewing this information with your provider’s office at each visit helps us to avoid problems and address them quickly should there be any discrepancies.
How to Enroll in IDX Credit and Identity Monitoring Services. As a safeguard, you may enroll, at no cost to you, in online credit monitoring and identity restoration services provided by IDX for two years. To enroll in these services, please call 1-888-826-9548.
The monitoring included in the membership must be activated to be effective. You have until September 28, 2024 to enroll in these services. Please note that credit monitoring services may not be available for individuals who have not established credit or an address in the United States (or its territories) or a valid Social Security number. Enrolling in this service will not affect your credit score. If you need assistance, IDX will be able to assist you.
We encourage you to take advantage of these protections and remain vigilant for incidents of potential fraud and identity theft, including regularly reviewing and monitoring your credit reports and account statements.
Security Freeze. A security freeze prevents credit reporting bureaus from releasing information in your credit file. This can make it harder for identity thieves to open new accounts in your name. Please be aware, however, that placing a security freeze on your credit report may delay approval of any requests you make for new loans, credit, mortgages, or other services.
You have the right to request a security freeze for free. To place a security freeze on your file, you must contact each of the three national credit reporting bureaus. You can contact them by phone, online submission, or mail.
|
Equifax Information Services |
|
Experian |
|
TransUnion |
|
Equifax Information Services |
Experian |
TransUnion |
When requesting a security freeze, you will need to provide information to confirm your identity, such as your name, proof of your current address, your prior address if you’ve moved in the last five years, your date of birth, Social Security number, and other personal information.
A security freeze request made by phone or online will be effective within one hour. Requests by mail take up to three business days from when the bureau gets it to be effective. After requesting a freeze, you will be given a unique personal identification number (PIN) and/or a password. Keep this in a safe place as you will need it to temporarily lift or fully remove the security freeze.
The freeze will remain until you ask the credit bureau to temporarily lift or fully remove it. If the request is made online or by phone, a credit bureau must lift security freeze within one hour. If the request is made by mail, then the bureau must lift the freeze no later than three business days after getting your request. There is no charge for placing, lifting, or removing a security freeze.
Check Your Credit Report. Check your credit report to ensure that all your information is correct. You can obtain a free credit report once per year by visiting www.annualcreditreport.com or by calling 877-322-8228. If you notice any inaccuracies, report the dispute right away to the relevant credit reporting bureau. You can file a dispute on the relevant bureau’s website or by contacting them at the number listed on your credit report. You can also report any suspicious activity to your local law enforcement, in which case you should request a copy of the police report and retain it for your records.
Fraud Alert. You have the right to request that the credit bureaus place a fraud alert on your file. A fraud alert tells creditors to contact you before opening any new accounts or increasing credit limits on your existing accounts. A fraud alert lasts for one year and is free of charge.
You need to contact only one of the three credit bureaus to place a fraud alert; the one you contact is required by law to contact the other two. For Fraud Alerts, use the credit bureau contact information provided above in the Security Freeze section.
Consult the Federal Trade Commission. For more guidance on steps you can take to protect your information, you also can contact the Federal Trade Commission at https://consumer.ftc.gov/identity-theft-and-online-security, or at 877-ID-THEFT (877-438-4338), or at the Identity Theft Clearinghouse, Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, D.C. 20580.