Des Moines Crisis Observation Center Suppers HIPAA Due to Inappropriate Dissemination of Data

1,071 patients who were treated at the Des Moines Crisis Observation Center managed by Polk County Health Services Inc., have been contacted to advise them  that some of their protected health information has been “accidentally and unknowingly disseminated” at some point in the last 3.5 years.

The breach was first identified on February 14, 2018, although the inquiry revealed that information was first disclosed on June 1, 2014 and persisted until January 11, 2018. The range of information disclosed includes patients’ names along with Social Security numbers, home details, Medicaid ID numbers, admission dates, and specific discharge locations.

Via the Crisis Observation Center, Polk County Health Services supplies mental health treatment services for Polk County residents, IA and is the regional administrator and governing board for mental health and disability treatment for the county.

Polk County Health Services is knowledgeable of the character(s) to whom the information has been sent and was able to figure out the types of information that has been received by those people. The specific details as to how the PHI was disclosed was not explained in the substitute breach notice made available on the Polk County Health Service website.

Actions have been taken to eliminate any further disclosures of personal information or protected health information, and also to eliminate any further dissemination of the data. The actions taken include providing more training to staff on the importance of protecting the privacy of patients and the adaptation of additional computer security protections and protocols to eliminate the unauthorized accessing and disclosure of PHI.

No official reports have been recorded to suggest any patient’s PHI has been misused; however, as a precautionary measure, all individuals that are impacted by the breach have been offered free credit monitoring services for 12 months. Official alerts were broadcast to affected individuals in April and the violation has been reported to the Department of Health and Human Services’ Office for Civil Rights.

Author: Security News