Another Breach for Utah DOH | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Another Breach for Utah DOH

January 24, 2013
by Gabriel Perna
| Reprints

For the second time within a year, the Utah Department of Health (UDOH) is dealing with a data breach of Medicaid patient information. This time, a third-party contract lost a USB device that contained the personal information, including name, Medicaid ID number, age, and prescription drug history, of 6,000 Medicaid patients.

Back in April, UDOH’s data server was breached. This breach led to the illegal access of 24,000 claims. 

 For the most recent breach, UDOH says the contractor, Goold Health Systems (Augusta, Maine) processes Medicaid pharmacy transactions for the agency. The Goold employee apparently saved personal health information on an unencrypted, portable USB memory device and then left UDOH headquarters with the device.  They then misplaced the device while traveling between Salt Lake City, Denver, and Washington DC. 

“There were no Social Security numbers or financial information included in the data, so we believe the potential risk for identity theft is minimal.  Further, we have no reason to believe the data were targeted by anyone to be used for malicious purposes,” UDOH Deputy Director and state Medicaid Director Michael Hales, said in a statement.  “Nevertheless, we understand the anxiety this will likely cause, and want clients to know we are taking all reasonable precautions to ensure the missing data cannot be used to harm individual clients or defraud the Medicaid program.”

According to UDOH, it is taking steps to protect the affected Medicaid identification numbers against potential fraudulent use. It says, the Office of the Health Data Security Ombudsman will commit its full resources to assisting affected clients in any way they need.  

“I have directed UDOH attorneys to review our contract with Goold Health Systems, and I fully intend to seek whatever financial or contractual remedies are available in order to ensure GHS is held accountable for this serious mistake,” UDOH Executive Director David Patton, M.D., said in a statement.  “Protecting our clients’ personal information is of utmost importance to our department, and it must be the number one priority of our contractors as well.”

Patton also stated that he hopes Goold will discipline the employee and that they will no longer be allowed to work with UDOH data.

Topics

News

NewYork-Presbyterian, Walgreens Partner on Telemedicine Initiative

NewYork-Presbyterian and Walgreens are collaborating to bring expanded access to NewYork-Presbyterian’s healthcare through new telemedicine services, the two organizations announced this week.

ONC Releases Patient Demographic Data Quality Framework

The Office of the National Coordinator for Health IT (ONC) developed a framework to help health systems, large practices, health information exchanges and payers to improve their patient demographic data quality.

AMIA, Pew Urge Congress to Ensure ONC has Funding to Implement Cures Provisions

The Pew Charitable Trusts and the American Medical Informatics Association (AMIA) have sent a letter to congressional appropriators urging them to ensure that ONC has adequate funding to implement certain 21st Century Cures Act provisions.

Former Michigan Governor to Serve as Chair of DRIVE Health

Former Michigan Governor John Engler will serve as chair of the DRIVE Health Initiative, a campaign aimed at accelerating the U.S. health system's transition to value-based care.

NJ Medical Group Launches Statewide HIE, OneHealth New Jersey

The Medical Society of New Jersey (MSNJ) recently launched OneHealth New Jersey, a statewide health information exchange (HIE) that is now live.

Survey: 70% of Providers Using Off-Premises Computing for Some Applications

A survey conducted by KLAS Research found that 70 percent of healthcare organizations have moved at least some applications or IT infrastructure off-premises.