Catch up on the latest HIPAA breach reports.

2,500 patients notified of HIPAA breach from Arizona Department of Health Services

At the end of May, the Arizona Department of Health Services (ADHS) sent notice to approximately 2,500 patients that their protected health information (PHI) may have been breached.

ADHS uses a third-party billing company in Illinois to bill for newborn screening services. ADHS mails the information required to conduct billing to the third-party company. One of the recent mailings was lost by the postal service and ADHS seems to have determined that the records will not be found.

ADHS is currently not providing identity theft protection services as there is no evidence that the information was stolen or misused. However, ADHS suggests affected patients remain vigilant in case any fraudulent activity occurs.

The Mississippi Division of Medicaid notified 5,220 individuals after discovering PHI was not securely transmitted for more than three years

On May 26, the Mississippi Division of Medicaid (DOM) posted a notification letter detailing a long-term breach that affected more than 5,000 individuals. On April 7, DOM discovered that there was an issue with the online service used to create forms posted to the DOM’s website. When an online form was submitted, the information was emailed to designated staff, but wasn’t encrypted. This occurred for three years before the issue was discovered.

Once the issue was discovered, the forms were removed from the website. Additionally, DOM is working to strengthen technical safeguards and update their policies and procedures. DOM does not believe that the information has been misused or improperly disclosed.

Nearly 2,500 Medicaid recipients experienced a HIPAA breach from the North Dakota Department of Human Services

A letter to patients was posted on the North Dakota Department of Human Services (NDDHS) website June 2. The letter details a breach that occurred on May 10 when NDDHS discovered Medicaid, claim- resolution worksheet documents containing protected health information (PHI) in a dumpster. All information was collected from the dumpster and from the person who reported the breach. NDDHS conducted an investigation and took appropriate disciplinary action against the employee who discarded the documents improperly.

As noted in the letter, NDDHS does not feel that the information has been improperly used or disclosed and it appears that NDDHS will not be providing identity theft protection services.

To learn more about what you can do to protect your organization against a potential HIPAA breach, start using HIPAAgps today!