At least, 14 data breaches by the Center for Medicare and Medicaid Services (CMS) had affected 13,775 medicare beneficiaries whose identification numbers and other personal information may have been used illegally.
In its October 2012 report, the Inspector General of the Department of Health and Human Services (DHHS) said these breaches were covered during the period betwen Sept. 23, 2009 and Dec. 31, 2011, which were considered a clear violation of the American Recovery and Reinvestment Act.
The report titled "CMS Response to Medicaid and Identity Theft", prepared under the direction of Jodi Nudelman, regional inspector general for evaluation and inspections in the New York regional office, the CMS was tasked to provide notification if it reasonably believed the information was accessed, acquired, used or disclosed as a result of these breaches.
The IG Office claimed the breaches involved the beneficiaries' Medicare identification numbers, dates of birth, diagnoses and services received. Alone, one breach that involved Medicare Summary printing error by a CMS contractor, that resulted to sending the notices to be sent to the wrong addresses. Consequently, it had affected a total of 13, 412 Medicare beneficiaries.
At the same time, ten breaches resulted from other mismailing or from loss of documents during transit. In another two breaches, beneficiary information was posted online, while another CMS employee was arrested for stealing a beneficiary information, the IG report said.
The CMS maintains the protected health information of millions of Medicare beneficiaries. If a breach occurs and the security or privacy of this information is compromised, CMS is required by the American Recovery and Reinvestment Act (the Recovery Act) to notify the affected beneficiaries. These breaches can lead to medical identity theft, the report said.
Medical identity theft is the appropriation or misuse of a patient’s or a provider’s medical identifying information (such as a Medicare identification number) to fraudulently obtain or bill for medical care. It can create patient safety risks and impose financial burdens on those affected. Medical identity theft may also lead to significant financial losses for the Medicare Trust Funds and taxpayers, the CMS report stated.