HealthPartners is informing members about a privacy breach that occurred between 2008 and 2010.
According to the Pioneer Press, the Bloomington-based nonprofit HMO is sending letters to about 38,000 members regarding the breach. The Pioneer Press reports the breach involved a HealthPartners employee who wrongly shared information with a family member in order to get help formatting files for quality improvement reports.
The company says the employee is no longer with the company.
The Star Tribune reports HealthPartners first learned about the breach in January and discovered in March which members' patient data was included.
In the press release, the company said the information did not include financial or credit card information, medical records, phone numbers, addresses or emails.
"We believe there is little to no risk the information could be used for identity or financial theft because of the limited type of information involved and because we have no evidence that the information was used for anything other than preparing reports for work," said Tobi Tanzer, HealthPartners vice president for integrity and compliance. "We deeply regret this mistake and apologize to everyone who was affected."
The information included member names and numbers, dates of birth, gender, clinic location and general category of services. The Pioneer Press says in some cases the information also included names of health care providers and member feedback about providers.
WCCO reports HealthPartners said they have recovered several of the devices involved in the breach and are continuing attempts to locate any more.
There have not been any incidents of ID theft as of yet, but HealthPartners is offering one free year of identity protection to any member whose information was included in the breach.
HealthPartners will provide additional employee training and will review security policies, according to the Pioneer Press. People with questions about the privacy breach can call 866-316-1495.