- The Fairfax County, Va. Health Department has informed 1,499 patients who received care at Bailey’s Health Center of Falls Church, Va. that their data had been exposed as a result of a downstream data breach.
Fairfax contractor Molina Healthcare, Inc. has a subcontract with Health Business Systems (HBS), which offers prescription services to Bailey’s Health Center patients. On Oct. 18, 2013, according to Fairfax County’s statement, HBS notified Molina that a computer file with 1,499 Bailey’s Health Center patients’ pharmaceutical records was inadvertently left on an unsecured computer server. It was then accessed by three separate entities on four occasions between Sept. 9, 2013 and Oct. 3, 2013. Fairfax County said that it discovered Oct. 4, 2013 and all of the compromised files containing personal patient information were moved to a secured server on Oct. 7, 2013.
Among the exposed information were names and addresses of the patients, pharmacy identification numbers of the patients, medication names and dosages, descriptions of medications’ National Drug Code, payment information, prescriber’s name and address and some patient Social Security numbers.
Fairfax County has taken the circumstances surrounding this breach of patient privacy very seriously. Although the County has in place multiple administrative requirements needed to protect your health information in compliance with HIPAA, this incident has lead us to review our current contract language and requirements related to the handling of pharmaceutical records to prevent such occurrences in the future. We plan to take further steps to safeguard our patient care records including a review of existing databases in order to confirm that all private patient information is secured on encrypted servers pursuant to Fairfax County Policy. Fairfax County will continue to take all necessary steps to protect the personal information of patients of the CHCN.
This breach follows up another Fairfax Health Department breach from July where a school nurse’s laptop containing health records was stolen.