Tennessee Medicaid plan’s vendor mails PHI to wrong members, exposes 3,300 individuals’ info

MM Curator summary:

Tennessee reported a data breach for members that occurred when mailings were sent to the wrong address by Axis Direct.

 
 

 
 

The article below has been highlighted and summarized by our research team. It is provided here for member convenience as part of our Curator service.

 
 

 
 

 
 

Clipped from: https://www.beckershospitalreview.com/cybersecurity/tennessee-medicaid-plan-s-vendor-mails-phi-to-wrong-members-exposes-3-300-individuals-info.html

 
 

TennCare, Tennessee’s state Medicaid health plan, recently notified 3,300 members that their protected health information may have been exposed due to a misaddressed mailing incident on behalf of its vendor, according to a Dec. 21 WKRN report. 

Gainwell, which runs the state’s Medicaid Management Information System, alerted TennCare of the breach in October. An investigation of the incident found that about 3,300 mailings sent out in late 2019 and 2020 may have been misaddressed and delivered to the wrong person. 

The mailings, managed by the state’s vendor Axis Direct, contained protected health information of TennCare members. In a statement to the network, Gainwell said it is not aware of any members’ personal information having been misused as a result of the incident. The state is now offering free credit monitoring to the impacted members. 

“TennCare is committed to safeguarding the information of our members. We have confidence in Gainwell and the process undertaken to identify the error that impacted certain members and correct it,” said TennCare Director Stephen Smith, according to the report.