The Florida Department of Health in Palm Beach County has discovered approximately 1,000 patients have had their protected health information inappropriately disclosed, although at this stage little information has been released on the exact nature of the data breach.
In February, the DOH was informed by law enforcement officers that there had been a potential breach of patients’ protected health information. A list containing the names, dates of birth, phone numbers, Social Security numbers, Medicaid numbers, and medical record numbers had been recovered. Florida DOH was asked to verify that the individuals on the list were DOH patients. The patients were identified as having visited DOH facilities in Palm Beach County.
At this stage no information has been released to indicate how the list was obtained by law enforcement. No employees have been implicated at this point in time and an investigation into the breach is ongoing.
All affected patients have been contacted by mail and informed that their PHI has been exposed. They have been advised to obtain a free credit report, review their credit histories, and report any suspicious activity to law enforcement.
Patients have been advised that they can place a credit freeze on their account at a cost of up to $5, although this can be recovered from the credit reference agency if patients have their identities stolen. It would not appear that credit monitoring or identity theft protection services are not being offered to affected patients.
The Florida DOH has pointed out that all staff are trained on the HIPAA Privacy Rule and information security training is also provided.
Even with training on HIPAA, some employees choose to violate privacy rules and steal patient health information and use it for personal gain. In May, 2015, a former clerk employed at the Palm Beach County Health Department was found guilty of stealing the PHI of approximately 2,880 patients. Those data were subsequently provided to her accomplices who used the information to file fraudulent tax returns in the names of the victims.
After discovering that data had been stolen, the Florida DOH implemented measures to reduce the risk of recurrences, which included conducting more thorough background checks on employees before appointment.
The post Florida Department of Health Notifies Palm Beach County Patients of PHI Breach appeared first on HIPAA Journal.