April 27, 2018
Over a period of three and a half years, 1,071 patients of Des Moines Crisis Observation Center, who got medical facilities at the Polk County Health Services Inc., have been communicated to instruct them that some of their PHI has been “inadvertently and unintentionally circulated”.
The HIPAA violation was found on February 14, 2018, though the inquiry indicated that information started being exposed on June 1, 2014 and went on until January 11, 2018. The kind of information retrieved includes patients’ identifications along with Social Security details, admission dates, Medicaid ID numbers, addresses, and discharge clinics.
Using the Crisis Observation Center, Polk County Health Services provides mental health facilities for inhabitants of Polk County, IA and is the local administrator and governing board for mental health and disability facilities for the region.
Polk County Health Services knows who got the information and were able to decide the kinds of information that has been obtained by them. The reason for the impermissible exposure of PHI and how PHI came to be exposed was not summarized in the substitute breach notification put out on the Polk County Health Service official website.
Measures have been used to halt any additional exposures of private information or PHI, and also to halt any additional spreading of the data. The measures taken contain providing additional teaching to workers on the significance of protecting the secrecy of patients and the application of more computer safety safeguards and procedures to stop the illegal retrieving and exposure of PHI.
No statements have been submitted to indicate any patient’s PHI has been wrongly used; nevertheless, as a protection, all people affected by the breach have been offered free credit checking services for one year. Warnings were posted to affected people in April and the occurrence has been made known to the Division of Health and Human Services’ Office for Civil Rights (OCR).