The December 2022 issue of IEEE Spectrum is here!

Close bar

280,000 Medical Records Still Missing in Pennsylvania

Flash drive containing information can't be found

2 min read
280,000 Medical Records Still Missing in Pennsylvania

The Philadelphia Inquirer last week reported that the names, addresses, and personal health information of some 280,000 Medicaid recipients have gone missing. The information was on a flash drive owned by two affiliated Philadelphia insurance companies, Keystone Mercy Health Plan and AmeriHealth Mercy Health Plan. The two companies are jointly owned by Independence Blue Cross and the Mercy Health System.

The Inquirer says that, "Keystone Mercy Health Plan provides insurance to 300,000 Medicaid members in Philadelphia, Bucks, Montgomery, Delaware, and Chester Counties. AmeriHealth serves 100,000 in a 15-county arc running from Harrisburg to northeastern Pennsylvania."

The flash drive went missing on September 20, but the situation only came to light after the Philadelphia Inquirer sought information about it. How the paper heard about the lost drive wasn't mentioned. 

According to the Inquirer, the flash drive was routinely taken to community health fairs, although the companies didn't think that the flash drive was lost at one of them, but at its corporate offices in Southwest Philadelphia.

The Inquirer noted that the insurance companies refused to explain why a flash drive containing tens of thousands of sensitive records was routinely taken to health fairs in the first place.

The press release by Keystone Mercy only cryptically says that, "The drive had personal health information about some of our members and others who attended some of our community events." This implies that the information on the drive was accessed by the companies' representatives at these health fairs - for what reason is not stated. Offering members more insurance, perhaps? 

The Inquirer further noted that the insurance companies refused to say whether the data on the flash drive was encrypted, or why they thought the flash drive was lost rather than stolen.

In fact, the Inquirer said, "the companies refused to offer any explanation of how the incident happened."

Additionally, the Inquirer has been trying to determine whether the companies broke any data disclosure laws by not notifying its members about the missing information for nearly a month. The companies have refused to say whether or not they notified the federal government about losing track of the flash drive at the time.

Per usual, the president of two companies, Jay Feldstein, said, "We deeply regret this unfortunate incident."

And an accompanying press statement by the companies also said that plan members are their "number one priority."

You can judge that for yourself.

The Conversation (0)

Why Functional Programming Should Be the Future of Software Development

It’s hard to learn, but your code will produce fewer nasty surprises

11 min read
A plate of spaghetti made from code
Shira Inbar

You’d expectthe longest and most costly phase in the lifecycle of a software product to be the initial development of the system, when all those great features are first imagined and then created. In fact, the hardest part comes later, during the maintenance phase. That’s when programmers pay the price for the shortcuts they took during development.

So why did they take shortcuts? Maybe they didn’t realize that they were cutting any corners. Only when their code was deployed and exercised by a lot of users did its hidden flaws come to light. And maybe the developers were rushed. Time-to-market pressures would almost guarantee that their software will contain more bugs than it would otherwise.

Keep Reading ↓Show less