CDPH reports 'big' data security breach
HIPAA Weekly Advisor, December 20, 2010
A magnetic tape containing sensitive personal and medical information for up to 2,550 residents and employees of 600 Southern California skilled nursing facilities has gone missing in the mail, state officials said Wednesday.
Kevin Reilly, the California Department of Public Health’s (CDPH) chief deputy director for policy and programs, described the breach as “a big and unusual event for us,” which resulted from a staff member violating protocol at the West Covina office.
Protocol requires that the state use a private courier instead of the U.S. Postal Service for such sensitive material, but staff in that office sometimes did not follow that protocol. While individual employees have lost laptops containing small amounts of information, Reilly said, “This is definitely the largest breach of confidential and private information we’ve had at the Department of Public Health.”
The tape contains e-mail addresses, investigative reports and background information on healthcare workers, names of healthcare facility residents, some medical diagnoses and Social Security numbers of CDPH employees, facility residents, and healthcare workers dating from 2003, state officials said.
The information was created at or sent to the state Division of Licensing and Certification’s West Covina office. The tapes contained everything done in that office, including potentially sensitive investigative documents regarding health facility violation investigations that may not have included personal information or health records, Reilly said.
Spokesman Mike Sicilia explained that the office primarily deals with investigations of certified nursing assistants at skilled nursing facilities in Southern California but that documents involving a few other types of health facilities may also be on the tape.
The material is encrypted under a system that may be hard for a non-state employee to decode, state officials said.
While there is no evidence to date that unauthorized parties have acquired or accessed the information, the CDPH is currently notifying affected individuals and will advise everyone affected about how to protect themselves from identity theft, state officials said in a news release.