October 8, 2021

Williamsville, N.Y. – As part of Independent Health’s safety and security protocols, we conduct regular extensive reviews. During a recent review on August 13, 2021, we found protected health information (PHI) inadvertently embedded in a hidden cache in a secure report sent on a monthly  basis to stop loss carriers and brokers between August 2019 and August 2021 for 541 members from Williamsville Central School District, a self-funded plan client.

The PHI included members’ names, member ID numbers, and medical diagnosis code and description. It did not include any Social Security numbers or any personal financial information.

Based on our thorough review, we believe it is extremely unlikely any of the hidden PHI was accessed or mis-used because the recipients of the secured files work for business partners of HIPAA Covered Entities for whom we provide services, and they fully understand the requirements to secure and keep data private. Additionally, the data was embedded in a manner making it extremely difficult to discover. Nonetheless and as an added precaution, Independent Health has arranged to provide the 541 members with two years of free identity protection and monitoring services. All affected members were already notified about this event. If Williamsville Central School District members have questions they should call (716) 631-2661 or toll-free 1-800-257-2753.

The embedded data that inadvertently remained in the secure report was due to human error and Independent Health has already implemented the necessary safety steps to address this and prevent further occurrences. Protecting our customers’ privacy and keeping their information secure is critically important to Independent Health and we deeply regret that this event occurred.