Employees mishandle data, violate HIPAA in Washington State Medicaid breach

The Washington State Health Care Authority (HCA) announced yesterday that employees at two state agencies committed a HIPAA violation by improperly exchanging private data pertaining to its Apple Health Medicaid clients.

How many victims? 91,000

What type of information? Social Security numbers, birthdates, Apple Health client ID numbers and private health information.

What happened? Two state workers from separate state agencies exchanged Apple Health client files, after the HCA employee requested technical assistance with spreadsheets containing the private data. This HIPAA violation was uncovered during an unrelated whistleblower investigation into misuse of state resources.

What was the response? HCA conducted a joint internal investigation with the other involved agency to assess the extent of the violation. HCA contact the affected customers and offers one year of free credit monitoring for them. While this does not appear to be a malicious breach, the two culpable employees were terminated.

Details? “While we have no indication that the client files went beyond the two individuals involved, important privacy laws were violated and we are exercising caution and due diligence given the nature of the information,” said HCA Risk Manager Steve Dotson in the agency's press statement. HCA's Apple Health program covers more than 1.8 million low-income Washington residents.

Source: Washington State Health Care Authority

You must be a registered member of SC Magazine to post a comment.

RECENT COMMENTS

Sign up to our newsletters

FOLLOW US