AmeriHealth HMO Inc. and AmeriHealth Insurance Co. of New Jersey have notified individual members of an incident involving the breach of protected health information, the company said.
Following an internal investigation aided by an undisclosed forensics investigation firm, it was determined that affected members’ names, dates of birth, diagnosis codes, provider information and other claim processing information were included in a file uploaded by an AmeriHealth employee to a public-facing website. The information was accessible on the website from April 23 until July 20. Social security numbers, financial and credit information were not included in the breach, AmeriHealth said.
The company is unable to determine if the information was accessed while posted, but said it does not have any knowledge of any attempt to misuse the information. The AmeriHealth Privacy Office received notification July 19 that some member information may have been available for unauthorized viewing.
In the wake of the incident, AmeriHealth is reviewing company policies and procedures to implement additional protocols to prevent future such incidences.
“We also ensured that the appropriate action was taken with the employee responsible for uploading the subject file,” the company said in a release.
Affected members, which amount to less than 1 percent of the health care company’s rosters, will be contacted by AmeriHealth. The company also said it will also offer complimentary 24-month, triple-bureau credit monitoring and identity protection services to those affected.