1,071 patients who were treated at the Des Moines Crisis Observation Center managed by Polk County Health Services Inc., have been contacted to advise them that some of their protected health information has been “accidentally and unknowingly disseminated” at some point in the last 3.5 years.
The breach was first identified on February 14, 2018, although the inquiry revealed that information was first disclosed on June 1, 2014 and the disclosures persisted until January 11, 2018. The range of information disclosed includes patients’ names along with Social Security numbers, home details, Medicaid ID numbers, admission dates, and discharge locations.
Via the Crisis Observation Center, Polk County Health Services supplies mental health treatment services to Polk County residents, IA and is the regional administrator and governing board for mental health and disability treatment for the county.
Polk County Health Services is aware of the people to whom the information was sent and was able to figure out the types of information that were received by those people. The specific details as to how the PHI was disclosed was not explained in the substitute breach notice made available on the Polk County Health Service website.
Actions have been taken to stop further disclosures of personal information or protected health information. The actions taken include providing more training to staff on the importance of protecting the privacy of patients and the adoption of additional computer security protections and protocols to prevent unauthorized accessing and disclosures of PHI.
No official reports have been recorded to suggest any patient’s PHI has been misused; however, as a precautionary measure, all individuals that were impacted by the breach have been offered free credit monitoring services for 12 months.
Official alerts were sent to affected individuals in April and the breach has been reported to the Department of Health and Human Services’ Office for Civil Rights.