On Monday, North Carolina Department of Health and Human Services (DHHS) Acting Medicaid Director Sandra Terrell publically acknowledged that the incorrect mailing of 48,752 Medicaid cards to the wrong addresses was the result of human error in computer programming and in the quality assurance process in printing the new Medicaid identification cards. These new cards were printed for children switched from NC Health Choice to Medicaid because of new eligibility rules under the Affordable Care Act. The incorrect card shows the child’s name, Medicaid identification number, date of birth and primary care physician’s name and physician’s address. No Social Security numbers were released.

The parent or responsible adult who received an incorrect card should immediately destroy it or turn in the card to their county department of social services. A directory of the county social services offices can be found here. DHHS has provided an FAQ sheet for those affected by the breach.

Until a new Medicaid ID card is issued, Medicaid eligible children impacted by this incident may continue to access medical services by using their NC Health Choice ID number or card.

In the meantime, DHHS is reminding doctors to verify a Medicaid beneficiary’s eligibility and identity each time a service is rendered. DHHS also will flag the affected Medicaid ID numbers within its computer systems to carefully monitor their use.

In approximately three weeks, new Medicaid ID cards with a new Medicaid ID number printed on it will be mailed to eligible recipients. Issuing new Medicaid ID numbers will mitigate misuse.

To help affected families know whether the child’s Medicaid ID number was misused, DHHS will send statements of Medicaid services rendered using their Medicaid ID number.

North Carolina Attorney General Roy Cooper also has provided identity protection guidelines for those who were affected by the errors.

DHHS Secretary Aldona Wos has asked the state Office of Information Technology Services to conduct an external review of the processes and procedures that led to this HIPAA breach to ensure a similar incident cannot happen again. DHHS also notified the Office for Civil Rights of the US Department of Health and Human Services as well as the Centers for Medicare & Medicaid Services.