Error in Medicaid mailing process sent some members’ information to the wrong address

Mailing error resulted in some member letters being placed in incorrect envelopes and sent to the wrong recipients

The Department of Health and Human Services (DHHS) will be mailing personalized notifications to an estimated 5,800 Medicaid members (less than 1% of all Medicaid members in Utah) whose benefit information was sent in error to another address. On May 8, 2023, Utah State Mail discovered that some Medicaid benefit letters addressed to households were grouped incorrectly and placed in an envelope addressed to a different household. Once the issue was identified, State Mail immediately stopped the mail preparation process and notified DHHS. Since that time, DHHS has worked to identify members impacted by this error and generate the individualized letters to notify them of the error. These letters will be sent over the next two weeks.

The notification to members includes:

  • A description of the mailing problem.
  • A list of the data elements included in the letters.
  • Action members can take to monitor their healthcare accounts.
  • Contact information for questions and concerns.

Nearly 200 of these Medicaid members also had their Medicare health insurance claim number (HICN), which for some may have been their Social Security number, listed on the letter. These members will have that information listed in their notification and will be provided the opportunity to enroll in a credit monitoring service at no cost. No other financial identifiers were included in the original letters.

If members have questions about the notification they receive regarding the Medicaid benefit mailing error, they can contact a DHHS health program representative at 1-866-608-9422.

DHHS is committed to quality and transparency. The protection of patient information is critical to DHHS and Medicaid has worked with Client Network Services (CNSI), a business associate, to correct this error in the system. DHHS and CNSI have worked together to increase system testing and enhance quality protocols.

Although this error occurred due to system programming and was not the result of an external group accessing state systems, it meets the federal requirements of a reportable data breach. As such, DHHS will also be submitting a breach report to the Office for Civil Rights within the U.S. Department of Health and Human Services.

Utah Medicaid and CNSI recently built and implemented a new, robust data management and claims payment system for Medicaid. The Provider Reimbursement Information System for Medicaid (PRISM) replaced the legacy data systems designed more than 35 years ago. Medicaid is a state and federal program, providing vital healthcare to more than 530,000 vulnerable and low-income Utahns of all ages statewide.

###