Breach, Compliance Management, Data Security, Privacy

Employees mishandle data, violate HIPAA in Washington State Medicaid breach

The Washington State Health Care Authority (HCA) announced yesterday that employees at two state agencies committed a HIPAA violation by improperly exchanging private data pertaining to its Apple Health Medicaid clients.

How many victims? 91,000

What type of information? Social Security numbers, birthdates, Apple Health client ID numbers and private health information.

What happened? Two state workers from separate state agencies exchanged Apple Health client files, after the HCA employee requested technical assistance with spreadsheets containing the private data. This HIPAA violation was uncovered during an unrelated whistleblower investigation into misuse of state resources.

What was the response? HCA conducted a joint internal investigation with the other involved agency to assess the extent of the violation. HCA contact the affected customers and offers one year of free credit monitoring for them. While this does not appear to be a malicious breach, the two culpable employees were terminated.

Details? “While we have no indication that the client files went beyond the two individuals involved, important privacy laws were violated and we are exercising caution and due diligence given the nature of the information,” said HCA Risk Manager Steve Dotson in the agency's press statement. HCA's Apple Health program covers more than 1.8 million low-income Washington residents.

Source: Washington State Health Care Authority

Bradley Barth

As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.