Last week, you may have heard CVS Caremark sent out medical information letters to health care plan members which included names, prescription drug(s), and respective medical condition(s) the drugs are used for.
You also must have heard they sent it out to the wrong members. Oops!
According to a Boston.com report, the Rhode Island-based chain sent the letters to Tufts Health Care members – when really, they should have gone to customers enrolled in supplemental Medicare plans managed by Tufts.
CVS referred to the mistake as a “programming error” that occurred in Late Jan. – early Feb., and has since asked recipients to return the letters or “confirm they were destroyed.” They have apologized for the incident and maintain their customers’ personal security is their highest priority, but won’t comment further.
What do you mean the organization won’t comment further? How about assuring customers and the public their systems are safe? It’s terrific that no account numbers or other pertinent identity information was included in this booboo. But, if simple letters as these can fall into the wrong hands, why can’t more “secure” information do the same?
I’m sure intended recipients have asked these same questions, and have received some sort of answer from the chain. But, why no response to the public about the intentions/steps CVS Caremark is taking to improve security so this won’t happen again?
In closing, we appear to live in an era where personal information – despite security precautions – seems easily accessible (view Mastercard/Visa “Oopsie” moment here) to others. The question is: What can we do as consumers to better protect ourselves, if the businesses we trust can’t seem too?
Thoughts? Share them with me below!