Iowa’s Department of Human Services has admitted that it leaked the personal information of 425 patients to nursing facilities.
The leak, which contained the patients’ medical payment data, occurred in December. Medicaid Director Mikki Stier reported the mistake to federal officials and issued an apology last week.
From the Des Moines Register:
“We are not aware of any information being misused and we apologize for any inconvenience or concern this caused the individuals whose information was inadvertently shared with another nursing facility,” said Amy McCoy, a spokeswoman for the Iowa Department of Human Services.
The DHS became aware of the incident on Jan. 22. The agency sent letters dated Feb. 12 to each person, noting that the agency’s Medicaid Enterprise Medical Services had mailed roster reports to the homes and had inadvertently shared the information.
That information included the person’s name, insurance or government program information, name of the current facility where they reside and Medicaid state identification.
Inappropriately sharing the information is a violation of the Health Insurance Portability and Accountability Act, better known as HIPAA.
DHS says it was involved with about 100 HIPAA breaches last year, records that were not immediately made available for public review. Most of those breaches involved individuals and were not as widespread as the nursing homes incident, McCoy said.
McCoy said there is a minimal chance that the information could be misused, adding the 12 nursing home facilities that received the data have confirmed with the state that the information has been shredded.
Photo by Orbis via Flickr CC License.
