Apple Health HIPAA Violation Affects 91K Medicaid Receivers

As per a statement released by Steve Dotson, HCA risk manager, a Washington State Health Care Authority (HCA) worker has breached the safeguarded health info of 91,000 Apple Health Medicaid package customers over a duration of nearly 3 years.

All affected persons are being informed that their name, Social Security number, Apple Health ID number, date of birth, and private health info were improperly revealed between 2013 and 2015.

The repeated secrecy infringements involved 2 state department workers who exchanged emails having the extremely sensitive data. A lady employed as a medical assistance expert for the HCA repeatedly sent spreadsheets having patient health info as well as Social Security numbers to her brother, who was working for the Department of Social and Health Services (DSHS) as an Internet technician.

The unlawful sharing of patient data is a violation of Health Insurance Portability and Accountability Act laws and demands the sending of violation announcement letters. Those letters were mailed on Tuesday, February 9. All affected persons have been presented free credit monitoring services for one year.

A DSHS whistleblower brought the privacy breaches to the attention of HCA. Upon discovery of the secrecy breaches, HCA carried out a comprehensive internal inquiry. HCA also joined with DSHS to make sure that any data left over on DSHS computers were safeguarded. HCA doesn’t think any data were moved outside the state email system, however, this couldn’t be verified.

The 2 workers were interrogated and both clarified that the woman sent the emails since she needed technical help with the worksheets. Both workers said this was the sole reason why the worksheets were emailed, and patient health info wasn’t forwarded on or else shared with any other person, nor were the data utilized for illegal purposes.

Both workers were sacked for breaching HIPAA regulations and patient secrecy rights. The problem has been referred to federal officers who will be carrying out a further inquiry. At this moment, no other measure has been taken against the 2 workers even though the matter might be subject to a criminal analysis.

Link copied to clipboard
Photo of author

Posted by

Mark Wilson

Mark Wilson is a news reporter specializing in information technology cyber security. Mark has contributed to leading publications and spoken at international forums with a focus on cybersecurity threats and the importance of data privacy. Mark is a computer science graduate.