25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Indiana Medicaid Recipients Alerted to Potential Data Breach

Posted By on Jul 4, 2017

Medicaid recipients in Indiana are being notified that some of their protected health information was accessible over the Internet between February and May this year.

The fiscal agent for the Indiana Health Coverage Program (IHCP), DXC Technology, says a hyperlink to an IHCP report containing patient information was accessible online. The report was an internal document used for administrative functions.

The information exposed was limited to names, Medicaid ID numbers, patient numbers, procedure codes, dates of service, payment amounts and names/addresses of health care providers. At no point was it possible for Social Security numbers, addresses or financial information to be accessed.

While protected health information could potentially have been accessed via the Internet, no evidence has been uncovered to suggest the link was clicked or that any information was stolen.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

DXC Technology is contacting all affected individuals by mail to alert them to the potential data breach to allow them to take precautions to protect their identities and to satisfy state and federal regulatory requirements. As an additional precaution, all affected individuals are being offered complimentary credit protection services for 12 months, even though DXC Technology does not believe any information has been, or will be, used inappropriately.

DXC Technology says the issue has now been mitigated and the report is no longer accessible.

Employee of Professional Counseling and Medical Associates Stole Patients PHI

Paris, TN-based Professional Counseling and Medical Associates has discovered a former employee copied information from its electronic health record system on or around May 14, 2017.

The data theft was discovered on May 22 and the incident was reported to law enforcement and state and federal agencies. The counselling service does not believe the individual disseminated the information publicly, but the possibility cannot be ruled out.

The stolen data include names, dates of birth, home addresses and insurance information, with some individuals’ medical notes and counselling records also believed to have been copied.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist