- For the second time in two months, the North Carolina Department of Health and Human Services (DHHS) has experienced a health data breach due to an improperly encrypted email, according to WRAL.com.
The incident, which occurred in September, involves the health data of 524 state Medicaid patients. Although DHHS reports that the email that compromised the information was sent to the correct recipient, there is still the risk that the email was intercepted. However, DHHS added it has no reason to believe that the email was intercepted.
The health data breach disclosed various health information for Medicaid patients, including patient names, addresses, Medicaid recipient ID numbers, genders, ethnicity, race, insurance information, provider names, Social Security numbers, and dates of birth.
As previously stated, this type of incident has occurred previously at DHHS. In August, the department reported a similar health data breach due to incorrectly encrypted emails. In this incident, which occurred on August 19 and was reported on October 16, Social Security numbers and dates of birth were not disclosed. However, this incident potentially affected far more patients, disclosing the PHI of nearly 1,615 Medicaid recipients.
To correct for these kinds of health data security issues, DHHS reportedly has plans to overhaul the email encryption process by updating email software. This software will block any email containing patient information from being sent until the information has been encrypted.
DHHS officials state that this software update is important because it eliminates the risk of human error, a major factor in the past two email data breaches.
“We take very seriously our responsibility to secure the personal information entrusted to us,” said Dave Richard, DHHS deputy secretary in charge of Medicaid. “This technology adds a safety net and a layer of protection that goes beyond the human element. This is an important, necessary addition to our workflow.”
DHHS also faced health data security issues back in 2014. As a result of a mis-mailing, the department sent Medicaid cards intended for children to the wrong addresses, exposing the health information of nearly 48,752 patients. The disclosed information included patient names, Medicaid ID numbers, dates of birth, and the names of their primary care physicians.
This incident was reportedly also the result of a human error in quality assurance testing.
DHHS officials stated that it was the agency’s responsibility to protect patient information, and therefore apologized for the data breach.
“I deeply apologize for the impact that this has caused to the citizens of the state,” DHHS secretary Aldona Wos explained at the time. “First and foremost, I firmly believe as secretary, that it is my obligation to ensure that the children and families we serve receive their health care … in a protected and secure environment.”