Social Security numbers and other personal information for nearly 17,000 Medicare beneficiaries could have been compromised when an insurance company employee called up the data through a hotel computer and then failed to delete the file.

An auditor for the Department of Health and Human Services'inspector general came across the information a few weeks later when using the same hotel computer in Baltimore, Medicare officials disclosed yesterday.

Peter Ashkenaz, spokesman for the Center for Medicare and Medicaid Service, said there is no evidence that the information fell into the wrong hands and was misused. However, the agency has instructed the insurance company, Humana Inc., to notify each of the beneficiaries involved.

The Medicare incident comes just a month after the theft of a computer containing personal information about 26.5 million veterans.

The numbers in the Medicare case pale in comparison, but officials are sensitive to the public relations nightmare that the theft caused. Medicare officials said they will take aggressive actions against any plan or contractor that compromises the privacy of beneficiaries.

The Humana customers are enrolled in the company's Medicare prescription drug plans.

Judy Holtz, a spokeswoman for the inspector general, said the auditor in April found on the hotel computer a spreadsheet that contained Social Security numbers, names, dates of birth and other personal information of the 17,000 beneficiaries. A Humana official said the employee had used the computer a month earlier.

It was the second time that Humana's customer files had been compromised, Medicare officials said. In the other case, about 250 applications were stolen from an insurance agent's vehicle in Minnesota.

Besides notifying the beneficiaries, the company will be required to provide free access to a credit monitoring service for one year, said Mark McClellan, the CMS administrator. Also, the company must submit a plan to CMS that will show how the company intends to keep any further privacy violations from occurring.

McClellan said additional enforcement actions were being considered, but he did not elaborate.

"With strong requirements in place, it is unacceptable when personal information on any beneficiary is put at risk," McClellan said.

Humana officials said the company, which serves 3.4 million Medicare beneficiaries through the new drug benefit, will counsel its associates and sales agents on privacy issues. It will also strengthen policies related to computer software maintenance.

"Humana takes the privacy of our members very seriously," said Steve Brueckner, Humana's vice president for senior products. "It is important that our members have confidence that we are handling their personal and private information with the highest integrity and respect. These enhanced measures . . . should give them a renewed sense of confidence in our ability to do just that."

------ End of article

By KEVIN FREKING

Single page