Centene Corp., the St. Louis, Mo.-based health insurer, has acknowledged that it is internally searching for six hard drives that contain personal health information (PHI) of approximately 950,000 individuals.
In a Jan. 25 press release, Centene said that it has determined the hard drives contained the personal health information of certain individuals who received laboratory services from 2009-2015, including name, address, date of birth, social security number, member ID number and health information. The hard drives do not include any financial or payment information, Centene said.
"Centene takes the privacy and security of our members' information seriously," Michael F. Neidorff, chairman, president and CEO of Centene, said in a statement. "While we don't believe this information has been used inappropriately, out of abundance of caution and in transparency, we are disclosing an ongoing search for the hard drives. The drives were a part of a data project using laboratory results to improve the health outcomes of our members."
Notification to affected individuals will include an offer of free credit and healthcare monitoring. Centene is in the process of reinforcing and reviewing its procedures related to managing its IT assets, the company said. "Consistent with our policies around communication and transparency, we are beginning the process of notifying all affected individuals and all appropriate regulatory agencies as we continue to search and investigate," added Neidorff.