Washington, D.C., Dec. 12, 2019 (GLOBE NEWSWIRE) -- The Blue Cross and Blue Shield Service Benefit Plan (also known as the Federal Employee Program® or FEP®), on behalf of the Blue Cross and/or Blue Shield Companies that administer FEP is informing members of an incident related to a system upgrade made by a vendor involving limited information on the fepblue™ mobile app. The fepblue mobile app assists members regarding the FEP. To date, we are not aware of any misuse or further disclosure of the information made accessible due to this incident and, out of an abundance of caution, are directly notifying potentially affected individuals.
A programming change made by a vendor on September 28, 2019 to update the fepblue mobile app inadvertently altered some permission functions in error. As a result, in certain circumstances, adult family members on the same FEP policy contract were able to view certain summary claims information for other family members on the fepblue mobile app between September 28, 2019 and October 22, 2019, even though permission to view that information had not been affirmatively granted and/or requested confidential communication measures were in place.
When the issue was discovered on October 22, 2019, the mobile app’s claims viewing feature was turned off that same day to investigate and remediate the issue. We are not able to confirm whether any claims information was actually viewed by family members.
As a general matter, information accessible through the fepblue mobile app includes one year of certain summary claims information for medical and/or pharmacy claims. Medical claims information accessible to adult family members during the relevant time period included first and last name, address, health insurance ID number, claim/account number, date of service and provider name for the member. For members with pharmacy claims in the past year, pharmacy name, numeric code and name of prescribed drug, dosage amount and other drug dispensing information (such as date filled, charges and amount owed) was also accessible during the relevant time period.
Social Security Numbers, dates of birth, credit card information, and financial information are not accessible via the fepblue mobile app and were not implicated in this incident in any way. Also, the fepblue mobile app does not include or link to medical records, test results or diagnosis information. Approximately 11,500 individuals are potentially affected by this incident. At this time, the we are not aware of any specific steps individuals should take to protect themselves as a result of this incident, including because Social Security numbers, credit card information and financial information were not involved.
Appropriate steps have been taken to correct the issue. Members with questions about this matter or who would like additional information can call the FEP National Information Center toll free at 1-800-411-BLUE (2583). The call center is open Monday through Friday, from 8a.m. to 8 p.m. Eastern Standard Time, excluding weekends and holidays. We regret that this vendor incident occurred and have implemented steps to prevent a similar recurrence in the future.
Privacy Incident Involving Vendor Upgrade to Mobile App
| Source: CareFirst BlueCross BlueShield