Joint Statement Regarding TennCare Privacy Breach

Joint Statement Regarding TennCare Privacy Breach

Stephen Smith

TennCare, Gainwell Technologies LLC and Axis Direct, Inc. announced that they have notified approximately 3,300 Medicaid members in the State of Tennessee of a privacy issue that may have impacted their protected health information.

"TennCare is committed to safeguarding the information of our members. We have confidence in Gainwell and the process undertaken to identify the error that impacted certain members and correct it," said TennCare director Stephen Smith.

TennCare was notified by Gainwell, which manages the Medicaid Management Information System (MMIS) operations for TennCare, of this issue on October 23, 2020, and together we moved quickly to conduct a thorough investigation. In November and December 2019, a print/mail vendor, Axis Direct, was managing mailings to Medicaid members in the State of Tennessee. Due to a manual processing error related to change of addresses, subsequent mailings in late 2019 and 2020 were misaddressed. As a result, approximately 3,300 TennCare members may have had their protected health information sent to someone other than the intended recipient.

"Gainwell is committed to protecting the privacy and safeguarding the personal health information of Medicaid members," said Dave Mason, COO, Gainwell. "While we are not aware of any misuse of personal information, we are notifying impacted members about the incident and highlighting the measures we've taken to correct the error and the actions we've taken to help protect their information."

The measures include free credit monitoring for one year as well as a dedicated call center to answer the questions of impacted members.