Breaches at 2 Public Health Departments

California, Connecticut Report Health Information Breach Incidents
The public health departments in two states at the forefront of cracking down on health information breaches have reported breaches of their own that may violate patient privacy.

The California Department of Public Health reported that a magnetic tape mailed from one office to another has been lost. The unencrypted tape included information on up to 2,550 public health facility residents and staff.

Information on the tape included Social Security numbers for some residents, employees and healthcare workers, as well as health information on some residents, employee e-mails, investigative reports and background information on healthcare workers.

The tape was mailed via the U.S. Postal Service as part of a procedure for backing up computer data, the department reported. The envelope arrived at its destination unsealed and empty.

The department has implemented policy and procedure changes to minimize the likelihood of a recurrence and is researching options that would eliminate the need for backup tape, according to a statement.

The department is notifying those affected, as required under the HITECH Act breach notification rule. It reports that so far, there is no evidence that unauthorized parties have accessed personal information from the tape.

Ironically, the California Department of Public Health has issued numerous fines to hospitals for breach violations under the state's tough laws.

Connecticut Health Information Breach

Meanwhile, the Connecticut Department of Public Health reported a glitch during a system upgrade to appointment scheduling software. Information intended for regional offices was inadvertently sent to an undetermined number of e-mail addresses in the state. The department is still investigating the cause of the error.

The information in the e-mails included the names of clients, phone numbers and confirmation of appointments. The number of individuals affected has not yet been determined, and the department is considering "remedies" for affected individuals, according to a statement.

The Connecticut attorney general was the first in the nation to file a federal civil suit for HIPAA violations as enabled under the HITECH Act. Plus, under a new state policy, insurers in Connecticut must report health information breaches within five days, even if the data was encrypted.

About the Author

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.