- The Ohio Department of Mental Health and Addiction Services (OhioMHAS) has reported a potential healthcare data breach that has affected 59,000 individuals.
OhioMHAS announced that PHI was exposed after postcards were sent to patients who received mental health services in February 2016. The mailing was a request for participation in a satisfaction survey, which is conducted every year.
The consumer satisfaction survey results are used to report to the federal Mental Health Block Grant and implement updated quality improvement programs at the department.
On February 25, the healthcare department discovered that the postcards were not sent in sealed envelopes to protect patient information. OhioMHAS noted that the request for participation should have also been closed to prevent patients from being associated with the satisfaction survey from the mental health and addiction services department.
Through the potential healthcare data breach, patient information, including names, addresses, and a request for participation in the services satisfaction survey, was inadvertently disclosed.
Personal information, such as Social Security numbers and financial data, were not contained in the mailing, confirmed OhioMHAS. The postcards also did not include health information about mental condition or services received.
In response to the security event, the healthcare department reported that it will review and update its policies and procedures regarding consumer outreach and healthcare data security. The department also stated that it will provide additional training to all staff members.
Affected individuals will receive a notification letter from OhioMHAS about the possible disclosure of PHI and a call center has been established to field questions about the incident. The healthcare department assured patients that notification letters will be sent via US mail in sealed envelopes.
OhioMHAS also conducted an internal investigation after the possible healthcare data breach and uncovered that previous surveys may have also exposed PHI.
“OhioMHAS takes very seriously its commitment to the privacy and protection of people receiving mental health treatment,” stated OhioMHAS Director Tracy Plouck in an official press release. “We regret this situation and any concern it may cause, and we are committed to diligently safeguarding consumer information moving forward.”
The possible PHI breach at OhioMHAS is the sixth largest healthcare data security incident to be reported in 2016, according to the Office of Civil Right’s data breach portal.
In addition to the possible healthcare data breach, OhioMHAS may also face significant challenges with patient satisfaction.
According to a recent TransUnion survey, about 65 percent of surveyed adults reported that they avoid healthcare providers that had previously reported a healthcare data breach.