Managed Care

Misdirected Mail Scenario

  • 1.  Misdirected Mail Scenario

    Posted 03-05-2013 06:23 PM
    This message has been cross posted to the following eGroups: Managed Care and HIPAA .
    A purely hypothetical and intellectual discussion with a colleague lead us to ponder a scenario involving misdirected mail that is "never" returned. 

    Lets say a member's insurance card was mailed to the home, yet two weeks later the member calls the insurance plan (the CE) to say s/he did not receive the envelope containing the cards. You have no reason to doubt the member's story.  At this point, no responsible citizen has called to inform the CE that they received that piece of mail by mistake and is willing to send it back to the CE unopened, nor has the mail come back undeliverable from the post office (in two weeks time). 

    Let's say the CE would like to assume that a neighbor received the card by mistake (or some other unverifiable situation) . You run through all the possible questions, like:  Was the mail thrown away unopened?  Was it opened (accessed) and then discarded? The point is, the CE does not know if it was accessed or not accessed, or if it ended up in a USPS dead mail dump someplace.

    So the CE faces fact that the original piece of mail containing the member's insurance card is never going to show up.  The CE has no idea what happened to it after two weeks, then a month.  It just never surfaces. 

    Is it breach?  If the CE believes that it is not a breach, does that violate HITECH? Mustn't the CE  have a risk assessment for every piece of "disappearing" mail containing PHI that never resurfaces? How long do you wait to see if it comes back undelivered unopened? Is it feasible that under the above circumstances, a "good" risk assessment could possibly indicate that notice of a breach is not required under HITECH? 

    Shawna White MBA CHC
    Compliance Manager
    2020 HCCA Managed Care