25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Kern County Mental Health Department Announces Privacy Breach

Posted By on Jun 14, 2016

Kern County Mental Health Department, CA., (KCMH) has reported a breach of protected health information which occurred during the relocation of its administrative department in April, 2016.

The breach involved the exposure of a limited amount of protected health information of patients who had previously received care from KCMH between September 1, and September 30, 2006.

When the administrative department relocated, the former offices were renovated. A single document was left behind in the offices and could potentially have been viewed by construction workers. The document was discovered by a KCMH staff member upon return to the offices. During the time that the report was left unprotected, staff members did not have access to the area.

The report contained patients’ full names, internal record numbers, service codes, and the unit where treatment was provided. While patients could have been identified as having previously received treatment from KCMH and/or its contractors, the mental health services received were only identifiable by their codes.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

KCMH confirmed that highly sensitive data such as financial information credit/debit card numbers, insurance information, and driver’s license numbers were not exposed.

KCMH investigated the incident and ascertained that the entire report had been recovered and no data were missing. KCMH does not believe the report was viewed or copied by any unauthorized individuals. The pages were recovered in the correct order and the report appeared to have been undisturbed.

KCMH has updated policies and procedures to ensure that similar breaches of patient privacy do not occur in the future.

Update: June 24, 2016:

The privacy breach has now been uploaded to the Department of Health and Human Services website. The breach report indicates 1,212 individuals have been affected by the breach. Patients have been notified if they were affected and a media notice has been issued in accordance with HIPAA Rules.

 

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist