The Yuma, Ari. Fire Department recently announced a patient data breach that stems from an Advanced Data Processing (ADP) employee that had passed on patient data to parties involved with a fraudulent tax refund scheme in Florida.
ADP handles billing for Yuma’s emergency medical services and it claims that no patient data (the number of patients is unknown) has been compromised or use improperly to this point. While the report says that no medical information was compromised, names, dates of birth, Social Security numbers and record identifiers were accessed.
The company first heard of the breach on Oct. 1, 2012 and ADP says that the employee was quickly fired, arrested and prosecuted for their actions. “Unfortunately, this is a big problem … a nationwide problem,” said Lisa MacKenzie, media contact for Advanced Data Processing, told YumaSun.com.
Though it’s comfortable in saying that no patient data has been exposed, ADP sent letters to all potentially-affected patients and because some addresses were undeliverable, it posted a notice on the Yuma website.
The employee was apprehended by authorities, immediately terminated by the Company and no longer has access to Company systems. The Company also thoroughly investigated the matter. To help minimize the risk of future data breaches, the Company is making its employees aware of this incident and the consequences to the individual involved and reminding its employees of the importance of maintaining the security and confidentiality of individual records.
ADP, according to MacKenzie, maintains that it already has a stringent security program in place and that this was a rogue incident, but it still plans on reinforcing privacy and security regulations to employees. “The city monitored this situation from the outset and has been satisfied with ADPI’s response,” said Dave Nash, public affairs coordinator, to YumaSun.com. “They discovered the incident quickly. They caught the person they believe responsible for it, terminated her and fully cooperated with authorities in a criminal investigation.”
This applies directly to the new HIPAA omnibus rule regarding subcontractors. Though an ADP employee breached the data, the Yuma Fire Department may have to be answering questions for the Department of Health and Human Services (HHS) at some point as a result of the incident.