TennCare, the state’s expanded Medicaid program, says about 1,700 enrollees may have be subject to a privacy breach.

Here’s the release from TennCare:

Nashville – The Division of TennCare, which provides health care insurance to 1.7 million Tennesseans, announced today that it has notified approximately 1,700 Medicaid members of a privacy issue that may have impacted their personal information.

During a recent review, TennCare learned that a routine update to a computer system may have caused a limited number of individuals from one household to be able to view some information about individuals in another household that included some of the same people. This happened when a new application listed the name of a person who was already in another household.

For a limited time, the name and age of affected individuals and their dependents may have been visible to people who were at one time on the same case file. For fewer than 15 people, additional information, such as social security number, address, and date of birth may have been visible.

TennCare immediately took steps to determine the scope of the breach, address the issue, and notify impacted members, all of whom are being offered 12 months of free identity theft protection services.

Based on TennCare’s analysis, there is no evidence to suggest the information was misused; however, out of an abundance of caution, TennCare is offering free identity theft protection services through Experian to those affected. These services include 12 months of credit monitoring, $1,000,000 identity theft insurance coverage, and identity theft restoration services.

TennCare will incorporate the learnings from this incident to further strengthen its commitment to protecting personal information for TennCare members.

Answers to certain questions related to the incident:

What was the issue?

A routine update to a computer system may have caused certain individuals from one household to be able to view some information about individuals in another household that included some of the same people. This happened when a new application included the name of a person who was already part of
an existing case.

How did TennCare discover the incident?

TennCare received a few privacy communications from affected members, which led to the discovery of the issue.

When did this occur?

On July 12, 2022, TennCare found that members may have been affected by this issue. The issue was fixed on July 22, 2022.

Has TennCare corrected or will TennCare correct the household information potentially impacted by
this issue?

TennCare has addressed the programmatic issue so information is no longer visible to individuals from a different household. TennCare is reviewing the household members’ information in our systems and are making any necessary corrections, if required.

Who qualifies for the credit monitoring and identity theft protection services?

Any member who was affected by the incident. Those affected have been notified and were provided an enrollment code.

How do those affected enroll in the credit monitoring and identity theft protection services?

An individual who has been affected can enroll by following the instructions on the notice they received.

The deadline to enroll is December 5, 2022.